Solved

Test ASA if it is listening on Port 80 or 443

Posted on 2014-12-17
5
375 Views
Last Modified: 2015-02-04
I have the ASA firewall configured as http server, so that it will allow the computer located in Network 192.168.61.0/24 to run ASDM and access ASA, and it works perfect.

 
ciscoasa# sh run | include http
http server enable
http 192.168.61.0 255.255.255.0 inside

However when I test the inside interface (through which ASDM session is coming through), if it is listening on port 80 or port 443, it does not reply for TCP , but it does reply on Ping request

Ping TCP:
ciscoasa# ping tcp  192.168.62.6 80
Type escape sequence to abort.
No source specified. Pinging from identity interface.
Sending 5 TCP SYN requests to 192.168.62.6 port 80
from 192.168.62.6, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
ciscoasa#

Open in new window



Ping IP:
ciscoasa# ping 192.168.62.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.62.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa#

Open in new window



any help will be  very much appreciated.

Thanks
0
Comment
Question by:jskfan
  • 3
5 Comments
 
LVL 28

Assisted Solution

by:asavener
asavener earned 200 total points
ID: 40507776
You should have a management address, which is different from the various interface addresses.
0
 

Author Comment

by:jskfan
ID: 40508240
I am accessing ASA inside interface. It got to be the Management interface. Correct ?
I am also connecting with ASDM to ASA using the ASA inside interface IP address.
0
 

Author Comment

by:jskfan
ID: 40513176
I fixed the problem...
I needed to NAT the IP address of the Web Server to the Outside interface
0
 
LVL 5

Accepted Solution

by:
Feroz Ahmed earned 300 total points
ID: 40589399
Hi ,

As it is listening on port 80,443 you can just do modifications on Server from where you are trying to access ASDM at OS level.Login to WebServer to Registry and make modifications on following path as below :

HKLM---------System---------Currentcontrolset-----Services--------LSA on right hand side you will see RestrictAnonymousSam (by default its value is set to 0 you can change the value to 1 or 2 depending on Operating System on your webserver.If it is Win2k the value should be 1 and if it is win2k3 then the value should be 2 just do the modifications and restart your web server and now try on ASA whether you are able to listen on port 80,443 just try once and see).
0
 

Author Closing Comment

by:jskfan
ID: 40590180
I thought I closed the Question:
I fixed the problem...
 I needed to NAT the IP address of the Web Server to the Outside interface

Thank you
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now