ASA 5510 - Access Website externally.
We currently have a website that was published on the intranet and is available to users. I am trying to make it accessible outside of the network. I have updated the settings below in the ASA ASDM yet it seems like I am missing a step since I am not able to access the site externally. As an fyi there are other ports that are open that allow access to functioning sites available externally.
Access Rule - Done
NAT Rules - Done
Network Object - done
Service Object - done
ACL Manager - Complete
Access Rule - Done
NAT Rules - Done
Network Object - done
Service Object - done
ACL Manager - Complete
El Fierro
what version of asa are you running? can you access your site via external ip? iis or apache? what about your dns?
Is the server on its own public IP, or are you port forwarding the traffic from the outside interface of the ASA? (Port Forwarding)
As mentioned above make sure it works internally before you do anything further.
Then you can NMAP from outside to see if ports 80/443 are open. Also use packet tracer (it on the tools meant in the ASDM.
Pete
As mentioned above make sure it works internally before you do anything further.
Then you can NMAP from outside to see if ports 80/443 are open. Also use packet tracer (it on the tools meant in the ASDM.
Pete
ASKER
This is ASA 5510 ASDM v7.1
Using IIS
The site is accessible internally.
I am trying to access the website via the outside ip address:port
It is currently using port 85 from the "webserver" for the internal connection.
The server does not have its own public ip address. I will be using port forwarding.
Using IIS
The site is accessible internally.
I am trying to access the website via the outside ip address:port
It is currently using port 85 from the "webserver" for the internal connection.
The server does not have its own public ip address. I will be using port forwarding.
out of curiosity why aren't you using port 80? can you post the config ?
ASKER
This was partially setup before I got here and I have been tasked to finish the project and get it working.
However, I have tried using port 80 it fails when trying to connect from the outside.
However, I have tried using port 80 it fails when trying to connect from the outside.
Like stated above, I think we be able to assist you better when you post (part of) your configuration. Of course you can sanitize it first.
ASKER
I just noticed when doing the show config the nat for the webserver "time clock server" does not show even though it is configured. As an fyi each thermostat is viable outside of the network.
Result of the command: "show config"
!
ASA Version 9.1(4)
!
hostname FFFF-5510-1
domain-name FFFF.Systems
enable password XXX encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd XXX encrypted
names
dns-guard
ip local pool ipad-vpn-pool 192.168.150.100-192.168.15
!
interface Ethernet0/0
description -> router
speed 1000
duplex full
nameif inside
security-level 100
ip address 111.11.1.1 255.255.255.0
!
interface Ethernet0/1
description ->(Cisco 1841)-->(T1)-->(Cisco 1841)-->lAve
nameif lAve
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
description
speed 100
duplex full
nameif outside
security-level 0
ip address 00.000.000.00 255.255.255.0
!
interface Ethernet0/3
nameif backup
security-level 0
ip address 222.222.2.22 255.255.255.248
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.4.1 255.255.255.0
!
boot system disk0:/asa914-k8.bin
boot system disk0:/asa841-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup backup
dns domain-lookup management
dns server-group DefaultDNS
name-server 10.10.X.X
name-server 10.10.X.X
name-server 10.10.X.X
name-server 10.10.X.X
domain-name FFFF.Systems
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network inside-network()
subnet 1XX.16.1.0 255.255.255.0
object network iPad-VPN-NET
subnet 192.168.150.0 255.255.255.0
object network Fl.Ave-Network
subnet 192.168.60.0 255.255.255.0
object service FileMaker
service tcp destination eq 5XXX
description FileMaker
object network Security-Maint
subnet 192.168.55.0 255.255.255.0
object service Syncrify
service tcp destination eq 5XXX
object network 10.10-Net
subnet 10.10.0.0 255.255.0.0
object service 8e6_SSH
service tcp destination eq 5XXX
object service RDP(Inside)
service tcp destination eq 3XXX
object network Server-10
host 10.10.10.12
object service Torrent
service tcp destination eq 42XXX
object network Apps-Server
host 10.10.10.100
object service MumbleTCP
service tcp destination eq 64XXX
object service MumbleUDP
service udp destination eq 64XXX
object service RDP(Server10)
service tcp destination eq 63XXX
object service Spiceworks(Inside)
service tcp destination eq https
object service Spiceworks(Outside)
service tcp destination eq 14XX
object network TimeClockServer
host 10.10.35.1
description Time Clock Server
object network Helpdesk_VM
host 10.10.10.10
description Spiceworks Server
object network FFFFACCT-Network
subnet 192.168.2.0 255.255.255.0
object service FTP
service tcp destination eq ftp
object service FTP-data
service tcp destination eq ftp-data
object service PLEX
service tcp destination eq 32XXX
object service RDP(TimeClockServer)
service tcp destination eq 63XXX
object network Thermostat-_SE_Kitchen
host 10.10.25.61
object network Thermostat-SMRC_Main_Mezan
host 10.10.25.21
object network Thermostat-_NW_Rooms_ABC
host 10.10.25.64
object network Thermostat-_SW_Rooms_DEF
host 10.10.25.65
object network Thermostat-_2nd_Floor
host 10.10.25.62
object service Thermostats-35021
service tcp destination eq 000
object service Thermostats-35061
service tcp destination eq 000
object service Thermostats-35062
service tcp destination eq 000
object service Thermostats-35064
service tcp destination eq 000
object service Thermostats-35065
service tcp destination eq 000
object service HTTP
service tcp destination eq www
object network MASH-NET
subnet 192.168.2.0 255.255.255.0
object network OPP-Net
subnet 10.20.1.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
network-object object Fl.Ave-Network
network-object object inside-network()
object-group icmp-type DM_INLINE_ICMP_1
icmp-object time-exceeded
icmp-object unreachable
object-group icmp-type DM_INLINE_ICMP_2
icmp-object echo
icmp-object echo-reply
object-group icmp-type DM_INLINE_ICMP_3
icmp-object time-exceeded
icmp-object unreachable
icmp-object echo-reply
object-group icmp-type DM_INLINE_ICMP_4
icmp-object echo-reply
icmp-object time-exceeded
icmp-object unreachable
object-group service DM_INLINE_SERVICE_2
service-object object RDP(Server10)
service-object object RDP(Inside)
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_3
service-object object RDP(Inside)
service-object object RDP(TimeClockServer)
object-group service DM_INLINE_SERVICE_4
service-object object Spiceworks(Inside)
service-object object Spiceworks(Outside)
object-group network DM_INLINE_NETWORK_2
network-object object 10.10-Net
network-object object inside-network()
object-group network DM_INLINE_NETWORK_3
network-object object 10.10-Net
network-object object inside-network()
object-group service Thermostats
service-object object Thermostats-35021
service-object object Thermostats-35061
service-object object Thermostats-35062
service-object object Thermostats-35064
service-object object Thermostats-35065
object-group network DM_INLINE_NETWORK_4
network-object object Thermostat-_2nd_Floor
network-object object Thermostat-_NW_Rooms_ABC
network-object object Thermostat-_SE_Kitchen
network-object object Thermostat-_SW_Rooms_DEF
network-object object Thermostat-_Main_Mezanine
object-group service DM_INLINE_SERVICE_5
group-object Thermostats
service-object tcp destination eq www
object-group network DM_INLINE_NETWORK_5
network-object object 10.10-Net
network-object object inside-network()
access-list LAN_access_in extended permit ip object inside-network() object lAve-Network
access-list LAN_access_in extended permit ip any object MASH-NET
access-list LAN_access_in extended permit ip any object OPP-Net
access-list LAN_access_in extended permit ip any4 object iPad-VPN-NET
access-list LAN_access_in extended permit ip object iPad-VPN-NET any4
access-list LAN_access_in extended permit ip any4 any4
access-list LAN_access_in extended deny ip any4 any4
access-list Backup_access_in extended permit icmp any4 any4 object-group DM_INLINE_ICMP_4
access-list Backup_access_in extended deny ip any4 any4
access-list LAN_access_in_1 extended permit ip any4 any4
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 object OPPIDAN-Net
access-list IPAD1-acl standard permit 192.168.60.0 255.255.255.0
access-list IPAD1-acl standard permit 10.10.0.0 255.255.0.0
access-list NAT extended permit ip object inside-network() object iPad-VPN-NET
access-list VPN extended permit ip object-group DM_INLINE_NETWORK_1 object iPad-VPN-NET
access-list lAve_access_in extended permit ip any4 any4
access-list lAve_access_in extended deny ip any4 any4
access-list Maintenance_access_in extended permit icmp any4 any4
access-list Maintenance_access_in extended permit ip any4 any4
access-list outside_access_in extended permit icmp any4 any4 object-group DM_INLINE_ICMP_3
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any4 object Server-10
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any4 object TimeClockServer
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 any4 object Helpdesk_VM
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 any4 object-group DM_INLINE_NETWORK_4
access-list outside_access_in extended deny ip any4 any4
access-list MASH_cryptomap extended permit ip object-group DM_INLINE_NETWORK_3 object MASH-NET
access-list backup_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_5 object MASH-NET
access-list backup_cryptomap_2 extended permit ip object-group DM_INLINE_NETWORK_2 object OPP-Net
pager lines 24
logging enable
logging asdm errors
mtu inside 1500
mtu FlAve 1500
mtu outside 1500
mtu backup 1300
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
icmp permit any backup
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (outside,any) source static any any destination static interface Server-10 service Syncrify Syncrify
nat (outside,any) source static any any destination static interface Server-10 service RDP(Server10) RDP(Inside)
nat (outside,any) source static any any destination static interface TimeClockServer service RDP(TimeClockServer) RDP(Inside)
nat (outside,any) source static any any destination static interface Helpdesk_VM service Spiceworks(Outside) Spiceworks(Inside)
nat (outside,any) source static any any destination static interface Thermostat-_Main_Mezanine service Thermostats-35021 HTTP
nat (outside,any) source static any any destination static interface Thermostat-_Kitchen service Thermostats-35061 HTTP
nat (outside,any) source static any any destination static interface Thermostat-_2nd_Floor service Thermostats-35062 HTTP
nat (outside,any) source static any any destination static interface Thermostat-_NW_Rooms_ABC service Thermostats-35064 HTTP
nat (outside,any) source static any any destination static interface Thermostat-_SW_Rooms_DEF service Thermostats-35065 HTTP
nat (inside,any) source static 10.10-Net 10.10-Net destination static OPP-Net OPP-Net no-proxy-arp route-lookup
nat (inside,any) source static inside-network() inside-network() destination static OPP-Net OPP-Net no-proxy-arp route-lookup
nat (inside,any) source static 10.10-Net 10.10-Net destination static MASH-NET MASH-NET no-proxy-arp route-lookup
nat (inside,any) source static inside-network() inside-network() destination static Accounting-NET Accounting-NET no-proxy-arp route-lookup
nat (inside,outside) source dynamic any interface
nat (inside,backup) source dynamic any interface
nat (any,any) source static iPad-VPN-NET iPad-VPN-NET no-proxy-arp
nat (any,any) source static any any destination static iPad-VPN-NET iPad-VPN-NET
!
object network lAve-Network
nat (any,outside) dynamic interface
object network 10.10-Net
nat (any,outside) dynamic interface
access-group LAN_access_in_1 in interface inside control-plane
access-group LAN_access_in in interface inside
access-group lAve_access_in in interface lAve
access-group outside_access_in in interface outside
access-group Backup_access_in in interface backup
route outside 0.0.0.0 0.0.0.0 67.208.197.1 128 track 1
route backup 0.0.0.0 0.0.0.0 96.94.7.54 200
route inside 10.10.0.0 255.255.0.0 172.16.1.2 1
route inside 192.168.50.0 255.255.255.0 172.16.1.2 1
route inside 192.168.55.0 255.255.255.0 172.16.1.2 1
route lAve 192.168.60.0 255.255.255.0 192.168.1.70 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-reco
no user-identity enable
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
aaa authorization command LOCAL
aaa authorization exec LOCAL
http server enable
http server session-timeout 60
http 192.0.0.0 255.255.255.0 management
http 172.0.0.0 255.255.255.0 inside
http 10.10.0.0 255.255.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 backup
no snmp-server location
no snmp-server contact
!
track 1 rtr 1 reachability
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 10
management-access inside
dhcpd address 192.168.4.2-192.168.4.20 management
dhcpd enable management
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect pptp
class class-default
user-statistics accounting
!
NAT.JPG
Result of the command: "show config"
!
ASA Version 9.1(4)
!
hostname FFFF-5510-1
domain-name FFFF.Systems
enable password XXX encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd XXX encrypted
names
dns-guard
ip local pool ipad-vpn-pool 192.168.150.100-192.168.15
!
interface Ethernet0/0
description -> router
speed 1000
duplex full
nameif inside
security-level 100
ip address 111.11.1.1 255.255.255.0
!
interface Ethernet0/1
description ->(Cisco 1841)-->(T1)-->(Cisco 1841)-->lAve
nameif lAve
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
description
speed 100
duplex full
nameif outside
security-level 0
ip address 00.000.000.00 255.255.255.0
!
interface Ethernet0/3
nameif backup
security-level 0
ip address 222.222.2.22 255.255.255.248
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.4.1 255.255.255.0
!
boot system disk0:/asa914-k8.bin
boot system disk0:/asa841-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup backup
dns domain-lookup management
dns server-group DefaultDNS
name-server 10.10.X.X
name-server 10.10.X.X
name-server 10.10.X.X
name-server 10.10.X.X
domain-name FFFF.Systems
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network inside-network()
subnet 1XX.16.1.0 255.255.255.0
object network iPad-VPN-NET
subnet 192.168.150.0 255.255.255.0
object network Fl.Ave-Network
subnet 192.168.60.0 255.255.255.0
object service FileMaker
service tcp destination eq 5XXX
description FileMaker
object network Security-Maint
subnet 192.168.55.0 255.255.255.0
object service Syncrify
service tcp destination eq 5XXX
object network 10.10-Net
subnet 10.10.0.0 255.255.0.0
object service 8e6_SSH
service tcp destination eq 5XXX
object service RDP(Inside)
service tcp destination eq 3XXX
object network Server-10
host 10.10.10.12
object service Torrent
service tcp destination eq 42XXX
object network Apps-Server
host 10.10.10.100
object service MumbleTCP
service tcp destination eq 64XXX
object service MumbleUDP
service udp destination eq 64XXX
object service RDP(Server10)
service tcp destination eq 63XXX
object service Spiceworks(Inside)
service tcp destination eq https
object service Spiceworks(Outside)
service tcp destination eq 14XX
object network TimeClockServer
host 10.10.35.1
description Time Clock Server
object network Helpdesk_VM
host 10.10.10.10
description Spiceworks Server
object network FFFFACCT-Network
subnet 192.168.2.0 255.255.255.0
object service FTP
service tcp destination eq ftp
object service FTP-data
service tcp destination eq ftp-data
object service PLEX
service tcp destination eq 32XXX
object service RDP(TimeClockServer)
service tcp destination eq 63XXX
object network Thermostat-_SE_Kitchen
host 10.10.25.61
object network Thermostat-SMRC_Main_Mezan
host 10.10.25.21
object network Thermostat-_NW_Rooms_ABC
host 10.10.25.64
object network Thermostat-_SW_Rooms_DEF
host 10.10.25.65
object network Thermostat-_2nd_Floor
host 10.10.25.62
object service Thermostats-35021
service tcp destination eq 000
object service Thermostats-35061
service tcp destination eq 000
object service Thermostats-35062
service tcp destination eq 000
object service Thermostats-35064
service tcp destination eq 000
object service Thermostats-35065
service tcp destination eq 000
object service HTTP
service tcp destination eq www
object network MASH-NET
subnet 192.168.2.0 255.255.255.0
object network OPP-Net
subnet 10.20.1.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
network-object object Fl.Ave-Network
network-object object inside-network()
object-group icmp-type DM_INLINE_ICMP_1
icmp-object time-exceeded
icmp-object unreachable
object-group icmp-type DM_INLINE_ICMP_2
icmp-object echo
icmp-object echo-reply
object-group icmp-type DM_INLINE_ICMP_3
icmp-object time-exceeded
icmp-object unreachable
icmp-object echo-reply
object-group icmp-type DM_INLINE_ICMP_4
icmp-object echo-reply
icmp-object time-exceeded
icmp-object unreachable
object-group service DM_INLINE_SERVICE_2
service-object object RDP(Server10)
service-object object RDP(Inside)
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_3
service-object object RDP(Inside)
service-object object RDP(TimeClockServer)
object-group service DM_INLINE_SERVICE_4
service-object object Spiceworks(Inside)
service-object object Spiceworks(Outside)
object-group network DM_INLINE_NETWORK_2
network-object object 10.10-Net
network-object object inside-network()
object-group network DM_INLINE_NETWORK_3
network-object object 10.10-Net
network-object object inside-network()
object-group service Thermostats
service-object object Thermostats-35021
service-object object Thermostats-35061
service-object object Thermostats-35062
service-object object Thermostats-35064
service-object object Thermostats-35065
object-group network DM_INLINE_NETWORK_4
network-object object Thermostat-_2nd_Floor
network-object object Thermostat-_NW_Rooms_ABC
network-object object Thermostat-_SE_Kitchen
network-object object Thermostat-_SW_Rooms_DEF
network-object object Thermostat-_Main_Mezanine
object-group service DM_INLINE_SERVICE_5
group-object Thermostats
service-object tcp destination eq www
object-group network DM_INLINE_NETWORK_5
network-object object 10.10-Net
network-object object inside-network()
access-list LAN_access_in extended permit ip object inside-network() object lAve-Network
access-list LAN_access_in extended permit ip any object MASH-NET
access-list LAN_access_in extended permit ip any object OPP-Net
access-list LAN_access_in extended permit ip any4 object iPad-VPN-NET
access-list LAN_access_in extended permit ip object iPad-VPN-NET any4
access-list LAN_access_in extended permit ip any4 any4
access-list LAN_access_in extended deny ip any4 any4
access-list Backup_access_in extended permit icmp any4 any4 object-group DM_INLINE_ICMP_4
access-list Backup_access_in extended deny ip any4 any4
access-list LAN_access_in_1 extended permit ip any4 any4
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 object OPPIDAN-Net
access-list IPAD1-acl standard permit 192.168.60.0 255.255.255.0
access-list IPAD1-acl standard permit 10.10.0.0 255.255.0.0
access-list NAT extended permit ip object inside-network() object iPad-VPN-NET
access-list VPN extended permit ip object-group DM_INLINE_NETWORK_1 object iPad-VPN-NET
access-list lAve_access_in extended permit ip any4 any4
access-list lAve_access_in extended deny ip any4 any4
access-list Maintenance_access_in extended permit icmp any4 any4
access-list Maintenance_access_in extended permit ip any4 any4
access-list outside_access_in extended permit icmp any4 any4 object-group DM_INLINE_ICMP_3
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any4 object Server-10
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any4 object TimeClockServer
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 any4 object Helpdesk_VM
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 any4 object-group DM_INLINE_NETWORK_4
access-list outside_access_in extended deny ip any4 any4
access-list MASH_cryptomap extended permit ip object-group DM_INLINE_NETWORK_3 object MASH-NET
access-list backup_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_5 object MASH-NET
access-list backup_cryptomap_2 extended permit ip object-group DM_INLINE_NETWORK_2 object OPP-Net
pager lines 24
logging enable
logging asdm errors
mtu inside 1500
mtu FlAve 1500
mtu outside 1500
mtu backup 1300
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
icmp permit any backup
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (outside,any) source static any any destination static interface Server-10 service Syncrify Syncrify
nat (outside,any) source static any any destination static interface Server-10 service RDP(Server10) RDP(Inside)
nat (outside,any) source static any any destination static interface TimeClockServer service RDP(TimeClockServer) RDP(Inside)
nat (outside,any) source static any any destination static interface Helpdesk_VM service Spiceworks(Outside) Spiceworks(Inside)
nat (outside,any) source static any any destination static interface Thermostat-_Main_Mezanine service Thermostats-35021 HTTP
nat (outside,any) source static any any destination static interface Thermostat-_Kitchen service Thermostats-35061 HTTP
nat (outside,any) source static any any destination static interface Thermostat-_2nd_Floor service Thermostats-35062 HTTP
nat (outside,any) source static any any destination static interface Thermostat-_NW_Rooms_ABC service Thermostats-35064 HTTP
nat (outside,any) source static any any destination static interface Thermostat-_SW_Rooms_DEF service Thermostats-35065 HTTP
nat (inside,any) source static 10.10-Net 10.10-Net destination static OPP-Net OPP-Net no-proxy-arp route-lookup
nat (inside,any) source static inside-network() inside-network() destination static OPP-Net OPP-Net no-proxy-arp route-lookup
nat (inside,any) source static 10.10-Net 10.10-Net destination static MASH-NET MASH-NET no-proxy-arp route-lookup
nat (inside,any) source static inside-network() inside-network() destination static Accounting-NET Accounting-NET no-proxy-arp route-lookup
nat (inside,outside) source dynamic any interface
nat (inside,backup) source dynamic any interface
nat (any,any) source static iPad-VPN-NET iPad-VPN-NET no-proxy-arp
nat (any,any) source static any any destination static iPad-VPN-NET iPad-VPN-NET
!
object network lAve-Network
nat (any,outside) dynamic interface
object network 10.10-Net
nat (any,outside) dynamic interface
access-group LAN_access_in_1 in interface inside control-plane
access-group LAN_access_in in interface inside
access-group lAve_access_in in interface lAve
access-group outside_access_in in interface outside
access-group Backup_access_in in interface backup
route outside 0.0.0.0 0.0.0.0 67.208.197.1 128 track 1
route backup 0.0.0.0 0.0.0.0 96.94.7.54 200
route inside 10.10.0.0 255.255.0.0 172.16.1.2 1
route inside 192.168.50.0 255.255.255.0 172.16.1.2 1
route inside 192.168.55.0 255.255.255.0 172.16.1.2 1
route lAve 192.168.60.0 255.255.255.0 192.168.1.70 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-reco
no user-identity enable
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
aaa authorization command LOCAL
aaa authorization exec LOCAL
http server enable
http server session-timeout 60
http 192.0.0.0 255.255.255.0 management
http 172.0.0.0 255.255.255.0 inside
http 10.10.0.0 255.255.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 backup
no snmp-server location
no snmp-server contact
!
track 1 rtr 1 reachability
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 10
management-access inside
dhcpd address 192.168.4.2-192.168.4.20 management
dhcpd enable management
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect pptp
class class-default
user-statistics accounting
!
NAT.JPG
So it's the TimeClockServer we're talking about?
I do see this one: nat (outside,any) source static any any destination static interface TimeClockServer service RDP(TimeClockServer) RDP(Inside)
When you try to connect to the webserver from the outside, does anything show up in the (ASDM) log?
I do see this one: nat (outside,any) source static any any destination static interface TimeClockServer service RDP(TimeClockServer) RDP(Inside)
When you try to connect to the webserver from the outside, does anything show up in the (ASDM) log?
ASKER
Yes we are talking about the Time Clock server. That setting is for rdp which works from the outside. When trying to connect from outside of the network I get connection denied on the ASDM.
Hi There,
is the timeclock server a Linux server?
Kindly verify the IP tables in that case.
The understanding is that the RDP port forwarding for this server works whereas the HTTP port forwarding does not work.
is the timeclock server a Linux server?
Kindly verify the IP tables in that case.
The understanding is that the RDP port forwarding for this server works whereas the HTTP port forwarding does not work.
What happens if you add the NAT statement again through the CLI? Is it giving you any errors?
ASKER
After restarting the ASDM I was able to get the NAT configuration to show in the config.
@Ian: The server is windows. You are correct the RDP port forwarding and Intranet website works for this server; connecting externally to the website does not.
(working) intranet: webserver ip:port/index.html
am I missing something?
external: outside ip:port/index.html
@Ian: The server is windows. You are correct the RDP port forwarding and Intranet website works for this server; connecting externally to the website does not.
(working) intranet: webserver ip:port/index.html
am I missing something?
external: outside ip:port/index.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Should be something like: http://www.website.com:1234
ASKER
Most of the responses were questions not suggestions.