Solved

Test ASA if it is listening on Port 80 or 443

Posted on 2014-12-17
5
414 Views
Last Modified: 2015-02-04
I have the ASA firewall configured as http server, so that it will allow the computer located in Network 192.168.61.0/24 to run ASDM and access ASA, and it works perfect.

 
ciscoasa# sh run | include http
http server enable
http 192.168.61.0 255.255.255.0 inside

However when I test the inside interface (through which ASDM session is coming through), if it is listening on port 80 or port 443, it does not reply for TCP , but it does reply on Ping request

Ping TCP:
ciscoasa# ping tcp  192.168.62.6 80
Type escape sequence to abort.
No source specified. Pinging from identity interface.
Sending 5 TCP SYN requests to 192.168.62.6 port 80
from 192.168.62.6, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
ciscoasa#

Open in new window



Ping IP:
ciscoasa# ping 192.168.62.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.62.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa#

Open in new window



any help will be  very much appreciated.

Thanks
0
Comment
Question by:jskfan
  • 3
5 Comments
 
LVL 28

Assisted Solution

by:asavener
asavener earned 200 total points
ID: 40507776
You should have a management address, which is different from the various interface addresses.
0
 

Author Comment

by:jskfan
ID: 40508240
I am accessing ASA inside interface. It got to be the Management interface. Correct ?
I am also connecting with ASDM to ASA using the ASA inside interface IP address.
0
 

Author Comment

by:jskfan
ID: 40513176
I fixed the problem...
I needed to NAT the IP address of the Web Server to the Outside interface
0
 
LVL 5

Accepted Solution

by:
Feroz Ahmed earned 300 total points
ID: 40589399
Hi ,

As it is listening on port 80,443 you can just do modifications on Server from where you are trying to access ASDM at OS level.Login to WebServer to Registry and make modifications on following path as below :

HKLM---------System---------Currentcontrolset-----Services--------LSA on right hand side you will see RestrictAnonymousSam (by default its value is set to 0 you can change the value to 1 or 2 depending on Operating System on your webserver.If it is Win2k the value should be 1 and if it is win2k3 then the value should be 2 just do the modifications and restart your web server and now try on ASA whether you are able to listen on port 80,443 just try once and see).
0
 

Author Closing Comment

by:jskfan
ID: 40590180
I thought I closed the Question:
I fixed the problem...
 I needed to NAT the IP address of the Web Server to the Outside interface

Thank you
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question