firewall ASA 5505

Dear expert

plz i need  help  in this issue . We put website for external users outside our network
with public ip address 91.73.x.x .we connect  this server to specific port on firewall ASA5505.
so i can do nslookup for this URL successfully .but we cannot ping this public ip address internally .............and external  user can not open this link
plz  i need help
Who is Participating?
JFrederick29Connect With a Mentor Commented:
Your ASA config is fine.  You won't be able to ping the external IP from the inside.

Is the website on the ISA server?  Can you pull up the website from the server itself?
Can you post the configuration?
bu_7maid66Author Commented:

User Access Verification

Type help or '?' for a list of available commands.
DSC-ASA5505> ena
Password: ********
DSC-ASA5505# show run
DSC-ASA5505# show running-config
DSC-ASA5505# show running-config
: Saved
ASA Version 7.2(4)
hostname DSC-ASA5505
domain-name dsc.local
enable password 6yuqq2cgUL6uOrL2 encrypted
passwd 6yuqq2cgUL6uOrL2 encrypted
name BorderWare1-dmz
name BorderWare2-dmz
name BorderWare1-outside
name BorderWare2-outside
name DSCPISA-outside
name Server-Vlan
name Old-Servers
name Old-Exchange
name DSCPISA-dmz
name Exchange_Servers
name PC295-dmz
name AWalid-Inside
name Ouside-Inf
name deg-inside
name deg-outside
interface Vlan1
 nameif inside
 security-level 100
 ip address standby
interface Vlan2
 nameif outside
 security-level 0
 ip address Ouside-Inf standby
interface Vlan3
 nameif dmz
 security-level 50
 ip address standby
interface Vlan4
 description LAN Failover Interface
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
 switchport access vlan 3
interface Ethernet0/3
 switchport access vlan 3
interface Ethernet0/4
 switchport access vlan 3
interface Ethernet0/5
 switchport access vlan 3
interface Ethernet0/6
 switchport access vlan 3
interface Ethernet0/7
 switchport access vlan 4
ftp mode passive
dns server-group DefaultDNS
 domain-name dsc.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside-acl extended permit tcp any host BorderWare1-outside eq smtp

access-list outside-acl extended permit tcp any host BorderWare2-outside eq smtp

access-list outside-acl extended permit tcp any host DSCPISA-outside eq www
access-list outside-acl extended permit tcp any host DSCPISA-outside eq https
access-list outside-acl extended permit ip any host deg-inside inactive
access-list dmz-acl extended permit ip host BorderWare1-dmz any
access-list dmz-acl extended permit ip host BorderWare2-dmz any
access-list dmz-acl extended permit ip host DSCPISA-dmz any
access-list inside_nat0_outbound extended permit ip any 255.255.255
access-list inside_nat0_outbound extended permit ip any 255.255.255
access-list inside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool remote mask
failover lan unit primary
failover lan interface failover Vlan4
failover key *****
failover interface ip failover standby
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1
nat (inside) 1
nat (inside) 1 Server-Vlan
nat (dmz) 1
static (dmz,outside) tcp DSCPISA-outside www DSCPISA-dmz www netmask 255.255.255
static (dmz,outside) tcp DSCPISA-outside https DSCPISA-dmz https netmask 255.255
static (inside,dmz) Server-Vlan Server-Vlan netmask
static (dmz,outside) BorderWare2-outside BorderWare2-dmz netmask

static (dmz,outside) BorderWare1-outside BorderWare1-dmz netmask

static (inside,outside) deg-outside deg-inside netmask
access-group inside_access_in in interface inside
access-group outside-acl in interface outside
access-group dmz-acl in interface dmz
route inside 1
route inside 1
route inside 1
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http inside
http Server-Vlan inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetoutside
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 10

group-policy DSC_Tunnel internal
group-policy DSC_Tunnel attributes
 dns-server value
 vpn-tunnel-protocol IPSec
 default-domain value dsc.local
username Sasi password TW5xbntfOI0nz4bd encrypted
username Sasi attributes
 vpn-group-policy DSC_Tunnel
username user1 password 0dldJICVF//EH4X3 encrypted
username user1 attributes
 vpn-group-policy DSC_Tunnel
username emadhalim password qgh/1vfBy9lQoxO7 encrypted privilege 15
username emadhalim attributes
 vpn-group-policy DSC_Tunnel
username ahmarashda password gIxrK24/413Nfznv encrypted
username ahmarashda attributes
 vpn-group-policy DSC_Tunnel
tunnel-group DSC_Tunnel type ipsec-ra
tunnel-group DSC_Tunnel general-attributes
 address-pool remote
 default-group-policy DSC_Tunnel
tunnel-group DSC_Tunnel ipsec-attributes
 pre-shared-key *
prompt hostname context
: end
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.