Forward Port 80 in ASA 5512
Hello,
I am having trouble forwarding a port in our ASA 5512. As far as I know, everything is setup correctly, but I cannot access our internal webserver via our external IP. I can however access the webserver using it's internal IP, so I know the website is available.
ASA 5512
ASA version: 8.6(1)2
ASDM version: 7.3(1)101
I have an ACL entry for the webserver: Following line is from the SHOW RUNNING-CONFIG cmd... "Ajera" is the webserver object:
access-list Outside_access_in extended permit tcp any object Ajera object-group DM_INLINE_TCP_1
I also have a NAT entry for the Webserver object: via the SHOW RUNNING-CONFIG cmd...
object network Ajera
nat (Inside,Outside) static interface service tcp www www
The above were configured via the ASDM. I also ran the packet trace tool and it PASSED all the way from the External Interface to the Webserver's internal IP. There is no firewall active on the webserver.
Any suggestions?
I am having trouble forwarding a port in our ASA 5512. As far as I know, everything is setup correctly, but I cannot access our internal webserver via our external IP. I can however access the webserver using it's internal IP, so I know the website is available.
ASA 5512
ASA version: 8.6(1)2
ASDM version: 7.3(1)101
I have an ACL entry for the webserver: Following line is from the SHOW RUNNING-CONFIG cmd... "Ajera" is the webserver object:
access-list Outside_access_in extended permit tcp any object Ajera object-group DM_INLINE_TCP_1
I also have a NAT entry for the Webserver object: via the SHOW RUNNING-CONFIG cmd...
object network Ajera
nat (Inside,Outside) static interface service tcp www www
The above were configured via the ASDM. I also ran the packet trace tool and it PASSED all the way from the External Interface to the Webserver's internal IP. There is no firewall active on the webserver.
Any suggestions?
Last Comment
ASKER
Hi,
Yes, the Ajera object is the private IP address of the server, and yes the webserver's default gateway is the inside IP of the asa.
I was actually able to get this figured out, for port 80 at least. I'm not sure what was causing the issue as my above configuration worked.
However, my current problem is I need to forward port 443 (ssl) so the site can be accessed via HTTPS. The ASA will not allow me to do so. It keeps telling me "NAT unable to reserve ports". I've already changed the ASDM mgmt to use a port other than 443. I also changed WebVPN to use a different port for SSL, so I cannot see why the ASA won't allow me to forward port 443.
Yes, the Ajera object is the private IP address of the server, and yes the webserver's default gateway is the inside IP of the asa.
I was actually able to get this figured out, for port 80 at least. I'm not sure what was causing the issue as my above configuration worked.
However, my current problem is I need to forward port 443 (ssl) so the site can be accessed via HTTPS. The ASA will not allow me to do so. It keeps telling me "NAT unable to reserve ports". I've already changed the ASDM mgmt to use a port other than 443. I also changed WebVPN to use a different port for SSL, so I cannot see why the ASA won't allow me to forward port 443.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
No one else had any solutions. I eventually resolved the issue on my own.
Networking
Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.
102K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Is the webserver default gateway the inside ip of the asa?