innosource
asked on
Cisco ASA not handling NAT traffic properly for internal web server
Simply trying to hit a web server on the inside of the network. Seeing the following syslog message on the firewall ... "Built inbound TCP connection 2067 for outside:38.101.218.165/306 44 to dmz:192.168.177.10/80"
However, nothing is returned to the client browser. Only other syslog message is simply the "Teardown TCP connection". Any ideas?
Make sure that your webserver has the gateway of the inside port.
ASKER
Ahhh ... the server is multihomed, and I am using the secondary NIC for the DMZ. The two interfaces on the server are not on the same subnet. I will check the gateway address. Thanks for your help. I will let you know if it resolves the problem.
ASKER
Thanks! The server is using two interfaces, and the DMZ connection is set to use the secondary NIC which is not on the default gateway of the firewall interface. Changing the web server to use the DG of the DMZ firewall interface solved the problem. Thanks!
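The symptom in this thread (a connection is built, nothing comes back, then it is torn down) can be picked out of firewall logs in bulk. The following is an added example, not part of the original thread: it pairs Built and Teardown messages by connection ID and flags destinations that never answered through the firewall. The sample lines are constructed in the usual ASA 302013/302014 layout, and the function name `silent_servers` and its `min_hits` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual ASA 302013/302014 layout (not from the thread).
# 192.168.177.10 is the DMZ server from the question; the other addresses are made up.
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 3001 for outside:203.0.113.7/51122 (203.0.113.7/51122) to dmz:192.168.177.10/80 (192.168.177.10/80)
%ASA-6-302014: Teardown TCP connection 3001 for outside:203.0.113.7/51122 to dmz:192.168.177.10/80 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-302013: Built inbound TCP connection 3002 for outside:203.0.113.9/40210 (203.0.113.9/40210) to dmz:192.168.177.10/80 (192.168.177.10/80)
%ASA-6-302014: Teardown TCP connection 3002 for outside:203.0.113.9/40210 to dmz:192.168.177.10/80 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-302013: Built inbound TCP connection 3003 for outside:203.0.113.7/51130 (203.0.113.7/51130) to dmz:192.168.177.20/443 (192.168.177.20/443)
%ASA-6-302014: Teardown TCP connection 3003 for outside:203.0.113.7/51130 to dmz:192.168.177.20/443 duration 0:00:04 bytes 5120 TCP FINs
"""

# The mapped-address group in parentheses is optional, so trimmed lines also match.
BUILT = re.compile(
    r"Built inbound TCP connection (\d+) for \S+ (?:\(\S+\) )?to (\S+?:\S+?/\d+)")
TEARDOWN = re.compile(r"Teardown TCP connection (\d+) for .* bytes (\d+) (.+)$")


def silent_servers(log_text, min_hits=2):
    """Return {destination: count} for inbound connections that were built but
    torn down with 0 bytes and a SYN Timeout, i.e. the firewall never saw the
    server's reply (typical when the server's return route bypasses it)."""
    dest_by_conn = {}
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            dest_by_conn[m.group(1)] = m.group(2)
            continue
        m = TEARDOWN.search(line)
        if not m:
            continue
        conn_id, nbytes, reason = m.group(1), int(m.group(2)), m.group(3).strip()
        dest = dest_by_conn.pop(conn_id, None)
        if dest and nbytes == 0 and reason.startswith("SYN Timeout"):
            hits[dest] += 1
    return {d: n for d, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for dest, n in silent_servers(SAMPLE_LOG).items():
        print(f"{dest}: {n} connections built, no reply seen; check the server's return route")
```

A destination that shows up here while being reachable from its own subnet points at the server's routing (as in this thread) rather than at the NAT or access rules.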