Solved

Test ASA if it is listening on Port 80 or 443

Posted on 2014-12-17
5
423 Views
Last Modified: 2015-02-04
I have the ASA firewall configured as http server, so that it will allow the computer located in Network 192.168.61.0/24 to run ASDM and access ASA, and it works perfect.

 
ciscoasa# sh run | include http
http server enable
http 192.168.61.0 255.255.255.0 inside

However when I test the inside interface (through which ASDM session is coming through), if it is listening on port 80 or port 443, it does not reply for TCP , but it does reply on Ping request

Ping TCP:
ciscoasa# ping tcp  192.168.62.6 80
Type escape sequence to abort.
No source specified. Pinging from identity interface.
Sending 5 TCP SYN requests to 192.168.62.6 port 80
from 192.168.62.6, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
ciscoasa#

Open in new window



Ping IP:
ciscoasa# ping 192.168.62.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.62.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa#

Open in new window



any help will be  very much appreciated.

Thanks
0
Comment
Question by:jskfan
  • 3
5 Comments
 
LVL 28

Assisted Solution

by:asavener
asavener earned 200 total points
ID: 40507776
You should have a management address, which is different from the various interface addresses.
0
 

Author Comment

by:jskfan
ID: 40508240
I am accessing ASA inside interface. It got to be the Management interface. Correct ?
I am also connecting with ASDM to ASA using the ASA inside interface IP address.
0
 

Author Comment

by:jskfan
ID: 40513176
I fixed the problem...
I needed to NAT the IP address of the Web Server to the Outside interface
0
 
LVL 5

Accepted Solution

by:
Feroz Ahmed earned 300 total points
ID: 40589399
Hi ,

As it is listening on port 80,443 you can just do modifications on Server from where you are trying to access ASDM at OS level.Login to WebServer to Registry and make modifications on following path as below :

HKLM---------System---------Currentcontrolset-----Services--------LSA on right hand side you will see RestrictAnonymousSam (by default its value is set to 0 you can change the value to 1 or 2 depending on Operating System on your webserver.If it is Win2k the value should be 1 and if it is win2k3 then the value should be 2 just do the modifications and restart your web server and now try on ASA whether you are able to listen on port 80,443 just try once and see).
0
 

Author Closing Comment

by:jskfan
ID: 40590180
I thought I closed the Question:
I fixed the problem...
 I needed to NAT the IP address of the Web Server to the Outside interface

Thank you
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question