https://community.cisco.com/t5/network-security/simple-https-access-intranet-not-so-simple/m-p/3414381#M951057 <P><SPAN>xx.xx.xx.151 - iam guessing this is public internet&nbsp;routeble IP, is this correct ?</SPAN></P> <P>&nbsp;</P> <P><SPAN>Do you have NAT rule for your internal IP ? (172.25.205.5-172.25.205.250).</SPAN></P> <P>&nbsp;</P> <P><SPAN>RFC 1918 - can not go directly to internet, you need to do NAT in the WAN end router/or device.</SPAN></P> <P>&nbsp;</P> <P><SPAN>if you can show the network topo, we can suggest much better.</SPAN></P> <P>&nbsp;</P> <P><SPAN>BB</SPAN></P> <P>&nbsp;</P> Thu, 12 Jul 2018 00:35:46 GMT balaji.bandi 2018-07-12T00:35:46Z https://community.cisco.com/t5/network-security/simple-https-access-intranet-not-so-simple/m-p/3414374#M951056 <P>A company that we've been talking to via HTTPS over our Internet connection wants us to<BR />run this HTTPS connection via our Internal Network which we connect to on our core Network <BR />just fine but can't access via our remote vpn sites.</P> <P>&nbsp;</P> <P>The Remote VPN sites are all connected to a 5510 that can reach<SPAN>&nbsp;xx.xx.xx.151 just fine.</SPAN></P> <P>&nbsp;</P> <P>The VPN connection on the remote ends are odd, they have a working IPSEC Tunnel but they actually connect to the&nbsp;<SPAN>xx.xx.xx.151 website</SPAN> via Cisco AnyConnect VPN clients. When they log into the AnyConnect they're given a Pool IP&nbsp;172.25.205.5-172.25.205.250</P> <P>&nbsp;</P> <P><SPAN>Note: We can reach other internal servers but not the xx.xx.xx.151</SPAN></P> <P>&nbsp;</P> <P>I've ran a packet capture but I don't think I'm doing it right.</P> <P>Packet-tracer input inside tcp 172.25.205.1 1025 xx.xx.xx.151 443 DETAIL <BR />&nbsp; &nbsp; Drop-reason: (acl-drop) Flow is denied by configured rule</P> <P>show run access-group<BR />&nbsp; &nbsp; access-group out_in in interface outside</P> <P>show config | inc out_in<BR />&nbsp; &nbsp; access-list out_in extended permit ip any any</P> <P>&nbsp;</P> <P>Any help on this would be greatly appreciated like I said various people have been trying to get it to work for 9 months.</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 21 Feb 2020 15:58:30 GMT https://community.cisco.com/t5/network-security/simple-https-access-intranet-not-so-simple/m-p/3414374#M951056 ixholla69 2020-02-21T15:58:30Z https://community.cisco.com/t5/network-security/simple-https-access-intranet-not-so-simple/m-p/3414381#M951057 <P><SPAN>xx.xx.xx.151 - iam guessing this is public internet&nbsp;routeble IP, is this correct ?</SPAN></P> <P>&nbsp;</P> <P><SPAN>Do you have NAT rule for your internal IP ? (172.25.205.5-172.25.205.250).</SPAN></P> <P>&nbsp;</P> <P><SPAN>RFC 1918 - can not go directly to internet, you need to do NAT in the WAN end router/or device.</SPAN></P> <P>&nbsp;</P> <P><SPAN>if you can show the network topo, we can suggest much better.</SPAN></P> <P>&nbsp;</P> <P><SPAN>BB</SPAN></P> <P>&nbsp;</P> Thu, 12 Jul 2018 00:35:46 GMT https://community.cisco.com/t5/network-security/simple-https-access-intranet-not-so-simple/m-p/3414381#M951057 balaji.bandi 2018-07-12T00:35:46Z https://community.cisco.com/t5/network-security/simple-https-access-intranet-not-so-simple/m-p/3414401#M951058 <P>Here's a quick map.</P> Thu, 12 Jul 2018 01:46:09 GMT https://community.cisco.com/t5/network-security/simple-https-access-intranet-not-so-simple/m-p/3414401#M951058 ixholla69 2018-07-12T01:46:09Z https://community.cisco.com/t5/network-security/simple-https-access-intranet-not-so-simple/m-p/3414448#M951059 <P>Can I apply the same ANY ANY ACL to this to the INSIDE Interface?</P> <P>&nbsp;</P> <P>show run access-group<BR />&nbsp; &nbsp; access-group out_in in interface outside&nbsp;&nbsp;&nbsp; &lt;------Current</P> <P>&nbsp;&nbsp;&nbsp; access-group out_in in interface INSIDE&nbsp;&nbsp;&nbsp; &lt;-----Add to INSIDE interface?</P> <P>&nbsp;</P> <P>Is that possible? I don't usually do Access-Groups so not sure if it's possible, would that allow the ANY ANY traffic to hit the INSIDE as well?</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 12 Jul 2018 03:57:47 GMT https://community.cisco.com/t5/network-security/simple-https-access-intranet-not-so-simple/m-p/3414448#M951059 ixholla69 2018-07-12T03:57:47Z