12-15-2018 03:45 AM - edited 02-21-2020 08:34 AM
Good morning all, I'm trying to create a rule on my ASA that will allow the outside to a www on the inside of my network but not having much luck
4 | Dec 15 2018 | 11:06:15 | 106023 | 213.205.192.21 | 33112 | 192.168.6.245 | 80 | Deny tcp src outside:213.205.192.xx/33112 dst inside:192.168.6.245/80 by access-group "global_access" [0x0, 0x0] |
I have created the following:
object network AD-Conrtoller
host 192.168.6.245
description AD-Conrtoller
object service www-80
service tcp source eq www
description www-80
access-list inside_access_in extended permit tcp any object AD-Controller eq www
show nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static AD-Controller interface service any www-80
translate_hits = 2, untranslate_hits = 225
What is the issue with the above?
Thank you
Solved! Go to Solution.
12-15-2018 08:20 AM
12-15-2018 05:59 AM - edited 12-16-2018 01:44 AM
put this command and try and let us know
access-group inside_access_in in interface outside
you can also do a command
packet-tracer input outside tcp 8.8.8.8 1234 192.168.6.245 80 detail
than please share the output. this command will tell you where the problem is.
12-15-2018 08:20 AM
12-15-2018 11:23 AM
Hi RJI
there is still need for access-group command according to the given config
access-group inside_access_in in interface outside
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: