
ASA Firewall Issue to access Webserver

sumod_jacob asked:
I have a problem accessing a new website from outside. The connection from outside is Router > ASA 5520 > CSS > Web Server. The web server is in the DMZ. I am able to access the website from inside. It seems the firewall access list is not showing any hit count. Below are the show nat and show access-list results.


#Sh NAT
match ip web&sp_dmz host VMCOLLABSP-CancerTodaymag outside any
    static translation to 12.39.245.56
    translate_hits = 0, untranslate_hits = 1160

#Sh Access-List
access-list outside_access_in line 71 remark CancerTodaymag.org
access-list outside_access_in line 72 extended permit tcp any host 12.39.245.56 object-group Web_TCP_Ports 0x62b5b0b0
access-list outside_access_in line 72 extended permit tcp any host 12.39.245.56 eq www (hitcnt=0) 0xbc7a243e
access-list outside_access_in line 72 extended permit tcp any host 12.39.245.56 eq https (hitcnt=0) 0xefc064a4


Maen Abu-Tabanjeh, Network Administrator, Network Consultant
Top Expert 2011

Commented:
access-list outside_acl extended permit tcp any host 12.39.245.56 eq https


Permit access to the inside to your Exchange website, which is HTTPS. Try it.
Maen Abu-Tabanjeh, Network Administrator, Network Consultant
Top Expert 2011

Commented:
Sorry, I missed something. You are unable to access it from outside?
By the way, check this article, which explains logging in ASA:

http://www.ciscopress.com/articles/article.asp?p=424447&seqNum=3
Maen Abu-Tabanjeh, Network Administrator, Network Consultant
Top Expert 2011
Commented:
Also check whether you have these settings, which can let OWA work well:

static (inside,outside) tcp <public ip> http <server ip> http netmask 255.255.255.255
static (inside,outside) tcp <public ip> https <server ip> https netmask 255.255.255.255

access-list outside_in permit tcp any host <public ip> eq http
access-list outside_in permit tcp any host <public ip> eq https
access-group outside_in in interface outside
Senior IT Manager
Commented:
Solved... this was an explicit deny ACL issue in the firewall... Thanks
sumod_jacob, Senior IT Manager

Author

Commented:
Issue solved by myself
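The resolution reported in this thread, an explicit deny sitting ahead of the permit entries at line 72 so that they never record a hit, can be checked mechanically because an ASA evaluates an ACL top-down and stops at the first match. The script below is an added example, not part of the original thread: it parses `show access-list` output and reports zero-hit permits that are fully covered by an earlier deny. The deny at line 40 is constructed for illustration (the thread does not show the actual rule), and the parser assumes numeric addresses and `eq` port matches only.

```python
import ipaddress
import re

# Constructed sample: the line 71/72 entries are from the question; the deny at
# line 40 is hypothetical, standing in for the explicit deny found later.
SAMPLE = """\
access-list outside_access_in line 40 extended deny ip any 12.39.245.0 255.255.255.0 (hitcnt=1160)
access-list outside_access_in line 71 remark CancerTodaymag.org
access-list outside_access_in line 72 extended permit tcp any host 12.39.245.56 eq www (hitcnt=0) 0xbc7a243e
access-list outside_access_in line 72 extended permit tcp any host 12.39.245.56 eq https (hitcnt=0) 0xefc064a4
"""

ADDR = r"(any|host \S+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
ACE = re.compile(
    r"access-list (\S+) line (\d+) extended (permit|deny) (\S+) "
    + ADDR + " " + ADDR + r"(?: eq (\S+))? \(hitcnt=(\d+)\)")

def net(spec):
    """Turn 'any', 'host A', or 'A MASK' into an ip_network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if spec.startswith("host "):
        return ipaddress.ip_network(spec[5:] + "/32")
    return ipaddress.ip_network(spec.replace(" ", "/"), strict=False)

def parse(text):
    aces = []
    for m in map(ACE.match, text.splitlines()):
        if m:  # remarks and unexpanded object-group lines do not match
            acl, line, action, proto, src, dst, port, hits = m.groups()
            aces.append(dict(acl=acl, line=int(line), action=action, proto=proto,
                             src=net(src), dst=net(dst), port=port, hits=int(hits)))
    return aces

def covers(a, b):
    """True if every packet matching ACE b also matches ACE a."""
    return (a["proto"] in ("ip", b["proto"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["port"] in (None, b["port"]))

def shadowed_permits(text):
    """Return (permit_line, port, deny_line) for zero-hit permits behind a deny."""
    aces = parse(text)
    return [(p["line"], p["port"], d["line"])
            for i, p in enumerate(aces) if p["action"] == "permit" and p["hits"] == 0
            for d in aces[:i] if d["action"] == "deny" and d["acl"] == p["acl"] and covers(d, p)]
```

On the sample, both line 72 permits are reported as shadowed by line 40; a zero-hit permit with no covering deny above it points instead at NAT, routing, or the wrong ACL being bound to the interface.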