topic Re: Cisco ASAv Nginx Load Balancer Upstream not working. in Network Security https://community.cisco.com/t5/network-security/cisco-asav-nginx-load-balancer-upstream-not-working/m-p/4758052#M1096994 <P>P.S. I added this to the NAT rules:</P><DIV><DIV><SPAN>nat (inside,lan-ext) after-auto source dynamic any interface</SPAN></DIV></DIV> Thu, 19 Jan 2023 18:49:44 GMT joematrix77 2023-01-19T18:49:44Z Cisco ASAv Nginx Load Balancer Upstream not working. https://community.cisco.com/t5/network-security/cisco-asav-nginx-load-balancer-upstream-not-working/m-p/4758045#M1096993 <P>Hey guys I'm having an issue where the traffic flow gets dropped to secondary Load Balancer upstream to the LAN here is my config, am I missing something? I also attached a network diagram for reference to what I am trying to get accomplished. Any suggestions will be greatly appreciated! Also How do I disable the Any Connect Portal?</P><P>Thanks in Advance!</P><P>&nbsp;</P><DIV><DIV><SPAN>interface GigabitEthernet0/0</SPAN></DIV><DIV><SPAN>description to WAN</SPAN></DIV><DIV><SPAN>nameif outside</SPAN></DIV><DIV><SPAN>security-level 0</SPAN></DIV><DIV><SPAN>ip address 192.168.1.167 255.255.255.0</SPAN></DIV><DIV><SPAN>no shut</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>interface GigabitEthernet0/1</SPAN></DIV><DIV><SPAN>description to LAN</SPAN></DIV><DIV><SPAN>nameif inside</SPAN></DIV><DIV><SPAN>security-level 100</SPAN></DIV><DIV><SPAN>ip address 192.168.0.1 255.255.255.0</SPAN></DIV><DIV><SPAN>no shut</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>interface GigabitEthernet0/6</SPAN></DIV><DIV><SPAN>description to LAN-EXT</SPAN></DIV><DIV><SPAN>nameif lan-ext</SPAN></DIV><DIV><SPAN>security-level 40</SPAN></DIV><DIV><SPAN>ip address 10.4.45.1 255.255.255.240</SPAN></DIV><DIV><SPAN>no shut</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>interface GigabitEthernet0/7</SPAN></DIV><DIV><SPAN>description to DMZ-INT</SPAN></DIV><DIV><SPAN>nameif dmz-int</SPAN></DIV><DIV><SPAN>security-level 30</SPAN></DIV><DIV><SPAN>ip address 10.4.44.1 255.255.255.240</SPAN></DIV><DIV><SPAN>no shut</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>interface GigabitEthernet0/8</SPAN></DIV><DIV><SPAN>description to DMZ-EXT</SPAN></DIV><DIV><SPAN>nameif dmz-ext</SPAN></DIV><DIV><SPAN>security-level 20</SPAN></DIV><DIV><SPAN>ip address 10.4.43.1 255.255.255.240</SPAN></DIV><DIV><SPAN>no shut</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>nat (inside,outside) after-auto source dynamic any interface</SPAN></DIV><DIV><SPAN>nat (dmz-int,outside) after-auto source dynamic any interface</SPAN></DIV><DIV><SPAN>nat (dmz-ext,outside) after-auto source dynamic any interface</SPAN></DIV><DIV><SPAN>nat (lan-ext,dmz-int) after-auto source dynamic any interface</SPAN></DIV><DIV><SPAN>nat (dmz-int,dmz-ext) after-auto source dynamic any interface</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>route outside 0.0.0.0 0.0.0.0 192.168.1.1</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>policy-map global_policy</SPAN></DIV><DIV><SPAN>class inspection_default</SPAN></DIV><DIV><SPAN>inspect icmp</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>object network WWW-EXT</SPAN></DIV><DIV><SPAN>host 10.4.43.2</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>object network WWW-INT</SPAN></DIV><DIV><SPAN>host 10.4.44.2</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>object service WEB-SERVICE</SPAN></DIV><DIV><SPAN>service tcp source eq WWW</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>nat (dmz-ext,outside) source static WWW-INT WWW-EXT service WEB-SERVICE WEB-SERVICE</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>access-list OUTSIDE extended permit tcp any object WWW-INT eq WWW</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>access-group OUTSIDE </SPAN><SPAN>in</SPAN><SPAN> interface outside</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>object network INSIDE-NET</SPAN></DIV><DIV><SPAN>subnet 192.168.0.0 255.255.255.0</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>object network DMZ-INT-NET</SPAN></DIV><DIV><SPAN>subnet 10.4.44.0 255.255.255.240</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>object network LAN-EXT-NET</SPAN></DIV><DIV><SPAN>subnet 10.4.45.0 255.255.255.240</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>object network DMZ-EXT</SPAN></DIV><DIV><SPAN>host 10.4.43.2</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>access-list DMZ-EXT-ACL extended permit tcp any object DMZ-EXT eq WWW</SPAN></DIV><DIV><SPAN>access-list DMZ-EXT-ACL extended deny ip any object INSIDE-NET</SPAN></DIV><DIV><SPAN>access-list DMZ-EXT-ACL extended deny ip any object DMZ-INT-NET</SPAN></DIV><DIV><SPAN>access-list DMZ-EXT-ACL extended deny ip any object LAN-EXT-NET</SPAN></DIV><DIV><SPAN>access-list DMZ-EXT-ACL extended permit ip any any</SPAN></DIV><DIV><SPAN>!</SPAN></DIV><DIV><SPAN>access-group DMZ-EXT-ACL </SPAN><SPAN>in</SPAN><SPAN> interface DMZ-EXT</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Internet Network Diagram Template.png" style="width: 989px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/173799i2D711646D0F62031/image-size/large?v=v2&amp;px=999" role="button" title="Internet Network Diagram Template.png" alt="Internet Network Diagram Template.png" /></span></SPAN></SPAN><P>&nbsp;</P></DIV></DIV> Thu, 19 Jan 2023 18:39:06 GMT https://community.cisco.com/t5/network-security/cisco-asav-nginx-load-balancer-upstream-not-working/m-p/4758045#M1096993 joematrix77 2023-01-19T18:39:06Z Re: Cisco ASAv Nginx Load Balancer Upstream not working. https://community.cisco.com/t5/network-security/cisco-asav-nginx-load-balancer-upstream-not-working/m-p/4758052#M1096994 <P>P.S. I added this to the NAT rules:</P><DIV><DIV><SPAN>nat (inside,lan-ext) after-auto source dynamic any interface</SPAN></DIV></DIV> Thu, 19 Jan 2023 18:49:44 GMT https://community.cisco.com/t5/network-security/cisco-asav-nginx-load-balancer-upstream-not-working/m-p/4758052#M1096994 joematrix77 2023-01-19T18:49:44Z