5516-X: Allowing traffic from web server on separate ISP to internal private network on a specific port

R4L
Level 1

Hey all.

We're experiencing difficulty allowing traffic from our outside web server's public IP to our internal SQL server on a specific port, on our 10.10.10.1 private network. We have web services for our customers to use that interface through IIS 10 on our web server, to our internal SQL server on our primary ISP. On our 1941 ISR we set up a static NAT rule for this and it worked just fine. On the ASA, however, connections are being dropped in production and while testing using packet tracer.

We have defined a dynamic NAT for inside to outside, set a static NAT on the inside interface to allow the web server's public IP using that specific port, and defined an ACL as well, but each time has resulted in a failure. What can I look for that we haven't done yet?

2 Replies

balaji.bandi
Hall of Fame

We would like to see the configuration that you have configured. Does the ASA have reachability to local IP 10.10.10.1?

Here is an example guide:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/nat_objects.html

BB

See attached for the edited config.
