Some help needed.
I've spent a while on this, let me set the scene.
I've a webserver on the mgt interface (this is really a DMZ using the mgt interface as a non mgt interface, in other words box "dedicate this interface to management" not ticked).
This is IP range 192.168.50.x with webserver at 192.168.50.99
I've a PC on the standard internal interface (inside) on 192.168.8.64
I cannot browse to http:\\192.168.50.99 (MGT) from 192.168.8.64 (inside), in other words it is not allowing web traffic between the interfaces. I looked up security levels etc and have kept them both to 100, I've also allowed the interfaces to talk to each other with "same-security-traffic permit inter-interface". Along with permit rules and NAT rules. FYI, the box can ping both addresses from each of its interfaces.
In the syslog I'm getting SYN Timeout which points me towards NAT, but I've NAT rules in for all networks to see each other.
I need help in allowing the inside to be able to browse to a web server on the mgt.
The webserver is working well on the localhost PC.
I've a sample of the config below.
Any help much appreciated.
ip address 192.168.8.254 255.255.255.0
description Mgt Internal
ip address 192.168.50.254 255.255.255.0
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Inside_Network
subnet 192.168.8.0 255.255.255.0
object network Mgt-network
subnet 192.168.50.0 255.255.255.0
object-group network Internal_Networks
network-object object Inside_Network
network-object 192.168.21.0 255.255.255.0
network-object 192.168.40.0 255.255.255.0
network-object object Mgt-network
access-list inside_access_in extended permit tcp 192.168.8.0 255.255.255.0 any eq www
access-list inside_access_in extended permit tcp 192.168.8.0 255.255.255.0 any eq https
access-list inside_access_in extended permit tcp 192.168.8.0 255.255.255.0 any eq ftp
access-list inside_access_in extended permit ip 192.168.8.0 255.255.255.0 any
access-list inside_access_in extended permit ip object Mgt-network any
access-list backup_access_in extended deny ip any any
access-list Mgt_access_in extended permit tcp object-group Internal_Networks any eq www
access-list Mgt_access_in extended permit ip any any
access-list Mgt_access_out extended permit ip any any
nat (any,any) source static Internal_Networks Internal_Networks destination static Internal_Networks Internal_Networks no-proxy-arp description Nat Exemption for internal networks
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group Mgt_access_in in interface Mgt
access-group Mgt_access_out out interface Mgt
http server enable
http 192.168.8.0 255.255.255.0 inside
sysopt noproxyarp inside
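
An added example, not part of the original post: a small Python check that cross-references the access-group bindings in the pasted sample against its access-list definitions and lists bound ACLs that contain a blanket "permit ip any any". The function name and result keys are this example's own; the embedded lines are copied from the post, and because the post is only a sample, an ACL reported as undefined may simply have been left out of it.

```python
import re
from collections import defaultdict

# ACL and access-group lines copied from the config sample in the post above.
SAMPLE = """\
access-list inside_access_in extended permit tcp 192.168.8.0 255.255.255.0 any eq www
access-list inside_access_in extended permit tcp 192.168.8.0 255.255.255.0 any eq https
access-list inside_access_in extended permit tcp 192.168.8.0 255.255.255.0 any eq ftp
access-list inside_access_in extended permit ip 192.168.8.0 255.255.255.0 any
access-list inside_access_in extended permit ip object Mgt-network any
access-list backup_access_in extended deny ip any any
access-list Mgt_access_in extended permit tcp object-group Internal_Networks any eq www
access-list Mgt_access_in extended permit ip any any
access-list Mgt_access_out extended permit ip any any
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group Mgt_access_in in interface Mgt
access-group Mgt_access_out out interface Mgt
"""

def audit_acl_bindings(config):
    """Cross-check ASA access-list definitions against access-group bindings."""
    acl_rules = defaultdict(list)  # ACL name -> rule bodies, in config order
    bindings = {}                  # ACL name -> (direction, interface)
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"access-list (\S+) extended (.+)$", line)
        if m:
            acl_rules[m.group(1)].append(m.group(2))
            continue
        m = re.match(r"access-group (\S+) (in|out) interface (\S+)$", line)
        if m:
            bindings[m.group(1)] = (m.group(2), m.group(3))
    return {
        # Applied to an interface but no matching access-list lines present.
        "bound_but_undefined": sorted(set(bindings) - set(acl_rules)),
        # Defined but never applied, so these entries filter nothing.
        "defined_but_unbound": sorted(set(acl_rules) - set(bindings)),
        # Applied ACLs with an any-to-any permit; narrower entries add nothing.
        "any_any_permits": sorted(
            name for name, rules in acl_rules.items()
            if name in bindings and "permit ip any any" in rules
        ),
    }

if __name__ == "__main__":
    for finding, names in audit_acl_bindings(SAMPLE).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```
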