Carter_Machinery
asked on
Configuring Cisco ASA 5510 to allow external access to internal web server
I believe that the configuration to allow the traffic in is correct. However, I have an additional access rule that states 'outside-network/30 inside-network/24 http permit'. This just doesn't seem right since I created an additional protocol rule only for https traffic. Should I remove this rule and will it affect other access if I do?
Thanks, Kevin
What port is the internal Web server listening on, is it 443 for SSL? The easiest way to do this, assuming you have no other external traffic needing to be routed on that port, would be to set up a NAT where all https traffic that hits the WAN IP address on your Cisco router is routed to the internal IP address of your web server.
ASKER
Patmac951,
I do have a NAT for the https traffic already setup. I am just concerned that I am letting traffic in that shouldn't be allowed with the rule mentioned above.
Thanks for the reply
ASKER CERTIFIED SOLUTION
As long as the rule is going to a specific host and not your whole /24 subnet then you should be fine. Rule should look something like the
access-list accesslistname extended permit tcp any host insidenetworkhostip eq http
accesslistname is the access list applied to the outside interface
insidenetworkhostip is your www server.
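A read-only way to check a saved configuration for the condition this answer describes, as an added example that is not part of the original thread: it lists permit entries in one extended ACL whose destination is wider than a single host. The ACL name outside_in and all addresses are constructed placeholders, and only the any, host and address/netmask forms are parsed.

```python
import ipaddress

# Constructed sample config; the ACL name and all addresses are placeholders.
SAMPLE_CONFIG = """\
access-list outside_in extended permit tcp any host 192.0.2.10 eq https
access-list outside_in extended permit tcp 198.51.100.0 255.255.255.252 192.0.2.0 255.255.255.0 eq http
access-list outside_in extended deny ip any any
access-group outside_in in interface outside
"""

def take_address(tokens):
    """Consume one ASA address spec and return (network, remaining tokens)."""
    if tokens[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # Otherwise "address netmask", e.g. 192.0.2.0 255.255.255.0
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def broad_permits(config, acl_name):
    """Return (line, destination) for permits whose destination is wider than one host."""
    findings = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:4] != ["access-list", acl_name, "extended", "permit"]:
            continue
        try:
            _src, rest = take_address(tokens[5:])  # tokens[4] is the protocol
            dst, _ = take_address(rest)
        except (IndexError, ValueError):
            continue  # object-groups and source-port forms are out of scope here
        if dst.num_addresses > 1:
            findings.append((line, str(dst)))
    return findings

if __name__ == "__main__":
    for line, dst in broad_permits(SAMPLE_CONFIG, "outside_in"):
        print(f"destination {dst} is wider than a single host: {line}")
```

Entries it cannot parse are skipped rather than reported, so an empty result only covers the address forms listed above.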
ASKER
Just removing rules and then seeing what the results might be can be dangerous.