cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1899
Views
5
Helpful
2
Replies

ASA 5506 [ASA Version 9.8(2)] open port 80 for one local Web_Server!

Imma
Level 1
Level 1

Hello,

I have problem open port 80 on ASA firewall 5506 (routed mode). There are two WAN interfaces (VLAN192 for backup). Configuration as below:

 

object network Web-server-http
host 192.168.1.100

 

object network Web-server-http
nat (inside,outside) static interface service tcp www www
object network web-server-VLAN192
nat (inside,VLAN192) static interface service tcp www www


access-list outside_access_in_1 extended permit tcp any object Web-server-http eq www
access-list VLAN192_access_in extended permit tcp any object Web-server-http eq www

 

access-group outside_access_in_1 in interface outside
access-group VLAN192_access_in in interface VLAN192

 

When I scan the public IP for open ports - port 80 status result -Filtered. What I am missing?

 

I have followed the below guide:

https://www.petenetlive.com/KB/Article/0000077

 

Thank you in advanced,

Denisa

1 Accepted Solution

Accepted Solutions

Hi Balaji,

Thank you for your reply.

The guide you suggested did not work. It was the same with the guide I first followed.

In the attached file I have described the solution.

 

1. Create Access-List. Destination-Private IP of the Server. Service port http

2. Create NAT Rule: Add NAT Rule before: “Network Object” NAT Rules

3. Service Port must be created – Source Port

 

Kind Regards,

Denisa

View solution in original post

2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

Some time Scanning will detect ASA side as Attack, depends on how you scan.

 

how about you try telnet public-ip 80 (are you able to connect ?)

 

here is the clear setup guide

 

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/118996-config-asa-00.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji,

Thank you for your reply.

The guide you suggested did not work. It was the same with the guide I first followed.

In the attached file I have described the solution.

 

1. Create Access-List. Destination-Private IP of the Server. Service port http

2. Create NAT Rule: Add NAT Rule before: “Network Object” NAT Rules

3. Service Port must be created – Source Port

 

Kind Regards,

Denisa

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: