Cisco ASA not handling NAT traffic properly for internal web server

Simply trying to hit a web server on the inside of the network. Seeing the following syslog message on the firewall ... "Built inbound TCP connection 2067 for outside:38.101.218.165/30644 to dmz:192.168.177.10/80"
However, nothing is returned to the client browser. Only other syslog message is simply the "Teardown TCP connection". Any ideas?
innosource Asked:

nasirsh Commented:
Make sure that your webserver has the gateway of the inside port.
0
MikeKane Commented:
If that's all you are seeing in the logs, then it looks like the ASA did its job and passed the traffic. No issue here. The web server seems to be the next logical place to look for a point of failure. As nasirsh said, check the default gateway. Make sure the firewall can ping the 192.168.177.10 address (do this from the CLI on the ASA).

Some other items to check initially:
1) Make sure firewalls are disabled on the web host.
2) Check the web host inbound log. If the request came in, the host would have recorded it if logging is enabled.
3) Ensure the web service is running correctly.  Can you bring up the web page from another system on the same subnet?
0

innosource (Author) Commented:
Ahhh ... the server is multihomed, and I am using the secondary NIC for the DMZ. The two interfaces on the server are not on the same subnet. I will check the gateway address. Thanks for your help. I will let you know if it resolves the problem.
0
innosource (Author) Commented:
Thanks! The server is using two interfaces, and the DMZ connection is set to use the secondary NIC which is not on the default gateway of the firewall interface. Changing the web server to use the DG of the DMZ firewall interface solved the problem. Thanks!
0
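The symptom in this thread (a "Built" message followed only by a "Teardown") can be triaged from the ASA syslog itself: a connection that closes with 0 bytes and a SYN timeout means the firewall forwarded the SYN but never saw the handshake complete, which points at the server side (return route, host firewall, or service). The script below is an added example, not part of the original thread; the Teardown lines, the second connection and the `SYN Timeout` reason are constructed, assuming the standard ASA 302013/302014 message layout.

```python
import re

# Constructed sample: the first Built line reuses the addresses quoted in the
# question; the other lines and all Teardown details are made up for the demo.
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 2067 for outside:38.101.218.165/30644 to dmz:192.168.177.10/80
%ASA-6-302013: Built inbound TCP connection 2068 for outside:198.51.100.7/41002 to dmz:192.168.177.20/80
%ASA-6-302014: Teardown TCP connection 2068 for outside:198.51.100.7/41002 to dmz:192.168.177.20/80 duration 0:00:02 bytes 5120 TCP FINs
%ASA-6-302014: Teardown TCP connection 2067 for outside:38.101.218.165/30644 to dmz:192.168.177.10/80 duration 0:00:30 bytes 0 SYN Timeout
"""

# Tolerates the optional "(mapped-ip/port)" fields real ASA output places
# after each address.
BUILT = re.compile(r"302013: Built (\w+) TCP connection (\d+) for "
                   r"(\S+?):(\S+?)/(\d+) .*?to (\S+?):(\S+?)/(\d+)")
TEARDOWN = re.compile(r"302014: Teardown TCP connection (\d+) .* "
                      r"duration (\S+) bytes (\d+) (.+)$")


def silent_servers(log_text):
    """Return (dest_ifc, dest_ip, dest_port, conn_id) for every connection the
    ASA built but that ended with no payload and an unanswered SYN."""
    built, findings = {}, []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            # Remember the destination so the later Teardown can be attributed.
            built[m.group(2)] = (m.group(6), m.group(7), int(m.group(8)))
            continue
        m = TEARDOWN.search(line)
        if m and m.group(1) in built:
            conn_id, nbytes = m.group(1), int(m.group(3))
            reason = m.group(4).strip()
            # 0 bytes + SYN Timeout: the SYN-ACK never came back through the
            # firewall (wrong return gateway, host firewall, or service down).
            if nbytes == 0 and reason == "SYN Timeout":
                findings.append(built[conn_id] + (conn_id,))
    return findings


if __name__ == "__main__":
    for ifc, ip, port, conn in silent_servers(SAMPLE_LOG):
        print(f"conn {conn}: no reply from {ifc}:{ip}/{port}; "
              "check the server's default gateway, host firewall and service")
```

On a multihomed server like the one here, a flagged destination is the cue to confirm that replies leave through the firewall's DMZ interface rather than the other NIC's gateway.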