Cannot access website from behind same Firewall as the Web Server

I have an ASA 5505 with two public IPs, one for the outside interface of the router and the other is assigned to the Static NAT rule for my Web Server. I cannot access any websites hosted on my Web Server using their URL from a PC connected to the Internet through the ASA 5505. I have two VLANs, one for the inside interface and one for the outside interface. I am a router/firewall novice and have set this up using ASDM with the help of the Wizards and some assistance from members here.
skip59 Asked:
David Piniella Commented:
Troubleshoot connectivity first: can you ping the IP of the webserver? Do the logs on the webserver show any hits from your internal network?

skip59 (Author) Commented:
Current firewall settings do not pass ping requests. I could set up a rule to let it reply if necessary. When I try to connect from a browser on the internal network I do not see any traffic from a source IP of my outside interface or my internal IP in the logs. I did not mention in my original post that all websites hosted on this server are working fine when connected to from a device outside my firewall, i.e. I can connect to a site on my phone through cell internet access.

David Piniella Commented:
Set up a policy to log access when going from internal VLAN to the site/IP. This may be of use to you: http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_logging.html

The site is up and your external > internal is working, or you wouldn't get access from the outside. You'll probably want to set up that ping policy just for your own internal monitoring, but even if that's not something you want permanently, I think it would help you troubleshoot your internal access issue.

kellemann Commented:
Your problem is probably related to DNS. If DNS returns the public IP address of the webserver, the firewall won't allow an internal client to access another internal webserver using the public address.
If you have made a full 1-to-1 NAT of the public IP to the webserver, you just need to add the "dns" keyword after the NAT statement (called DNS rewrite in ASDM).
This manipulates the DNS response, and returns the webserver's internal IP to the client instead.
If this is not a possibility, you can do split DNS using your internal DNS server.
More here: http://windowsitpro.com/networking/split-brain-dns
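
The DNS rewrite described in the answer above, shown as ASA CLI; this is an added example, not configuration posted by anyone in the thread. The addresses (203.0.113.10 public, 192.168.1.10 inside), the interface names `inside`/`outside` and the object name `WEBSERVER` are constructed placeholders, and because the thread does not state the ASA software version, both NAT syntaxes are shown.

```cisco
! Constructed placeholder addresses:
!   203.0.113.10 = public IP mapped to the web server
!   192.168.1.10 = web server's real inside address
!
! --- ASA software 8.2 and earlier ---
! Before: static NAT without DNS rewrite. Inside clients resolve the
! site to 203.0.113.10 and cannot reach it through the firewall.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
!
! After: the same rule with the "dns" keyword. DNS A-record replies that
! carry 203.0.113.10 are rewritten to 192.168.1.10 before they reach
! inside clients.
no static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 dns
!
! --- ASA software 8.3 and later (object NAT) ---
object network WEBSERVER
 host 192.168.1.10
 nat (inside,outside) static 203.0.113.10 dns
!
! DNS rewrite depends on DNS inspection, which is part of the default
! global policy. Make sure it has not been removed:
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
!
! Confirm what is actually configured (8.2 and earlier shown;
! on 8.3 and later use "show running-config nat"):
show running-config static
show running-config policy-map
```

The rewrite only applies to DNS replies that pass through the ASA, so it helps clients that resolve the site through a DNS server on the outside; clients answered by an inside DNS server need the split DNS approach instead.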
skip59 (Author) Commented:
Thank you very much. That was it. All I had to do was edit the Static NAT Rule and select the “Translate the DNS replies that match the translation rule” box under Connection Settings. I have included a screenshot of the ASDM Static NAT Rule screen for other ASDM novices like me out there.
[Attached screenshot: 1a.jpg]