topic Http Connection inside Lan in Network Security

Http Connection inside Lan

beaujoire — Mon, 11 Mar 2019 20:43:43 GMT

Hi,

I am configuring a new ASA 5510 to replace a SonicWall and I have a problem with an HTTP Connection inside my LAN.

PC from the LAN ( using ASA LAN interface as gateway) can't Connect to a Camera video Web Server (192.168.4.20) on Port 80 whereas I can Ping it.

ADSM logs show :

106015# Deny TCP (no connection) from ip1 to ip2 Flags RST on Interface LAN.
The adaptive security appliance discarded a TCP Packet that has no Associated connection in the adaptive security appliance Connection table.

- I Enabled command "same-security-traffic permit intra-interface"

- HTTP inspection is disabled.

I used Capture feature on the Ingress Interface, I joined the Logs and a part of my ASA Running Config.

Any Ideas? Thank You

Http Connection inside Lan

Maykol Rojas — Thu, 09 Jun 2011 17:12:49 GMT

Hello,

Try this:

global (lan) 1 Interface

static (lan,lan) 192.168.4.20 192.168.4.20

Cheers

Mike

Http Connection inside Lan

beaujoire — Thu, 16 Jun 2011 16:31:46 GMT

Ok but Can I remove NAT exemption now ? ( I used it to avoid the dynamic nat : "Global (WAN) 1 interface" )

object-group network DM_INLINE_NETWORK_21

network-object 192.168.2.0 255.255.255.0

network-object 192.168.3.0 255.255.255.0

network-object 192.168.5.0 255.255.255.0

network-object 192.168.4.0 255.255.255.0

access-list LAN_nat0_outbound extended permit ip 192.168.0.0 255.255.248.0 object-group DM_INLINE_NETWORK_21

Thanks

Http Connection inside Lan

Maykol Rojas — Fri, 17 Jun 2011 05:43:08 GMT

Hello,

I am not quite sure if it is going to break any other configuration that you may have (VPN, access to another interface etc), so lets just disable the exeption just for the source host in question. Do the following:

access-list LAN_nat0_outbound line 1 deny ip 192.168.1.x host 192.168.4.20

The x represents the host from where you want to reach the camera server.

Let me know how it goes.

Mike