Solved

Forward Port 80 in ASA 5512

Posted on 2014-12-10
4
73 Views
Last Modified: 2015-10-12
Hello,

I am having trouble forwarding a port in our ASA 5512.  As far as I know, everything is setup correctly, but I cannot access our internal webserver via our external IP.  I can however access the webserver using it's internal IP, so I know the website is available.

ASA 5512
ASA version: 8.6(1)2
ASDM version: 7.3(1)101

I have an ACL entry for the webserver: Following line is from the SHOW RUNNING-CONFIG cmd...  "Ajera" is the webserver object:
access-list Outside_access_in extended permit tcp any object Ajera object-group DM_INLINE_TCP_1

I also have a NAT entry for the Webserver object: via the SHOW RUNNING-CONFIG cmd...
object network Ajera
 nat (Inside,Outside) static interface service tcp www www

The above were configured via the ASDM.  I also ran the packet trace tool and it PASSED all the way from the External Interface to the Webserver's internal IP.  There is no firewall active on the webserver.

Any suggestions?
0
Comment
Question by:CKilmer1975
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 40494750
Is the Ajera object the private ip address of the webserver?
Is the webserver default gateway the inside ip of the asa?
0
 

Author Comment

by:CKilmer1975
ID: 40500949
Hi,

Yes, the Ajera object is the private IP address of the server, and yes the webserver's default gateway is the inside IP of the asa.

I was actually able to get this figured out, for port 80 at least.  I'm not sure what was causing the issue as my above configuration worked.

However, my current problem is I need to forward port 443 (ssl) so the site can be accessed via HTTPS.  The ASA will not allow me to do so.  It keeps telling me "NAT unable to reserve ports".  I've already changed the ASDM mgmt to use a port other than 443.  I also changed WebVPN to use a different port for SSL, so I cannot see why the ASA won't allow me to forward port 443.
0
 

Accepted Solution

by:
CKilmer1975 earned 0 total points
ID: 41029218
This was solved on my own.  I had to change the port that the Cisco ASA used for it's internal SSL use from 443 to something else before I could forward 443 for my website.
0
 

Author Closing Comment

by:CKilmer1975
ID: 41035600
No one else had any solutions.  I eventually resolved the issue on my own.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN Ports 8 57
Network over eigrp 100 topology ? 3 63
Legal Discovery - Export Keywords to PST 2 55
TCP Reset from Server 3 37
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question