Link to home
Start Free TrialLog in
Avatar of skip59
skip59

asked on

Cannot access website from behind same Firewall as the Web Server

I have an ASA 5505 with two public IP’s, one for the outside interface of the router and the other is assigned to the Static NAT rule for my Web Server.  I cannot access any websites hosted on my Web Server using their URL from a PC connected to the Internet through the ASA 5505. I have two VLans, one for the inside interface and one for the outside interface.  I am a router/firewall novice and have set this up using ADSM with the help of the Wizards and some assistance from members here.
Avatar of David Piniella
David Piniella
Flag of United States of America image
troubleshoot connectivity first: can you ping the IP of the webserver, do the logs on the webserver show any hits from your internal network?
Avatar of skip59
skip59

ASKER

Current Firewall setting do not pass ping requests.  I could setup a rule to let it reply if necessary. When I try to connect from a browser on the internal network I do not see any traffic from a source IP of my outside interface or my internal IP in the logs.   I did not mention  in my original post that all  websites hosted on this server are working fine when connected to from a device outside my firewall, ie I can connect to a site on my phone through cell internet access.
Avatar of David Piniella
David Piniella
Flag of United States of America image
set up a policy to log access when going from internal vlan to the site/IP.  This may be of use to you: http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_logging.html

The site is up and your external > internal is working, or you wouldn't get access from the outside. You'll probably want to setup that ping policy just for your own internal monitoring, but even if that's not something you want permanently, I think it would help you troubleshoot your internal access issue.
ASKER CERTIFIED SOLUTION
Avatar of Jacob Kellemann
Jacob Kellemann
Flag of Denmark image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of skip59
skip59

ASKER

Thank you very much.  That was it.  All I had to do was edit the Static NAT Rule and select the “Translate the DNS replies that match the translation rule” box under Connection Settings.  I have included a screenshot of the ADSM Static NAT Rule screen for other ADSM Novices like me out there.
1a.jpg