Solved

Test ASA if it is listening on Port 80 or 443

Posted on 2014-12-17
5
471 Views
Last Modified: 2015-02-04
I have the ASA firewall configured as http server, so that it will allow the computer located in Network 192.168.61.0/24 to run ASDM and access ASA, and it works perfect.

 
ciscoasa# sh run | include http
http server enable
http 192.168.61.0 255.255.255.0 inside

However when I test the inside interface (through which ASDM session is coming through), if it is listening on port 80 or port 443, it does not reply for TCP , but it does reply on Ping request

Ping TCP:
ciscoasa# ping tcp  192.168.62.6 80
Type escape sequence to abort.
No source specified. Pinging from identity interface.
Sending 5 TCP SYN requests to 192.168.62.6 port 80
from 192.168.62.6, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
ciscoasa#

Open in new window



Ping IP:
ciscoasa# ping 192.168.62.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.62.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa#

Open in new window



any help will be  very much appreciated.

Thanks
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 28

Assisted Solution

by:asavener
asavener earned 200 total points
ID: 40507776
You should have a management address, which is different from the various interface addresses.
0
 

Author Comment

by:jskfan
ID: 40508240
I am accessing ASA inside interface. It got to be the Management interface. Correct ?
I am also connecting with ASDM to ASA using the ASA inside interface IP address.
0
 

Author Comment

by:jskfan
ID: 40513176
I fixed the problem...
I needed to NAT the IP address of the Web Server to the Outside interface
0
 
LVL 5

Accepted Solution

by:
Feroz Ahmed earned 300 total points
ID: 40589399
Hi ,

As it is listening on port 80,443 you can just do modifications on Server from where you are trying to access ASDM at OS level.Login to WebServer to Registry and make modifications on following path as below :

HKLM---------System---------Currentcontrolset-----Services--------LSA on right hand side you will see RestrictAnonymousSam (by default its value is set to 0 you can change the value to 1 or 2 depending on Operating System on your webserver.If it is Win2k the value should be 1 and if it is win2k3 then the value should be 2 just do the modifications and restart your web server and now try on ASA whether you are able to listen on port 80,443 just try once and see).
0
 

Author Closing Comment

by:jskfan
ID: 40590180
I thought I closed the Question:
I fixed the problem...
 I needed to NAT the IP address of the Web Server to the Outside interface

Thank you
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question