02-07-2020 06:18 AM
I am new to managing Firewalls, so any help would be appreciated. We have a link on our website that goes to one of our internal servers that we have. However, nothing is happening when I click the link on our website. When I do a Packet Trace, it shows that it DROPs at the ACCESS-LIST. Any ideas what I can check? I have attached some screenshots. Thank you in advance.
Solved! Go to Solution.
02-07-2020 06:38 AM - edited 02-07-2020 06:39 AM
You link is for HTTPS but your ACL only permits HTTP, therefore any connection on https will be dropped by the implicit deny at the end of the ACL.
You need to amend the ACL rule to include HTTPS.
You need to look at the properties of the WYNEAPPS1 and determine what IP address is defined, hopefully it is the private IP address.
02-07-2020 06:22 AM
02-07-2020 06:26 AM
Hi Jaderson,
Thank you for your feedback, I appreciate it as I am still learning Cisco Firewalls.
Which service should I check on the server? I am also not sure where to access the logs you are talking about. Please be patient, I am a novice. Appreciate your help!
02-07-2020 06:31 AM
Does the Global Implicit Rule that shows Deny, have anything to do with traffic being blocked from accessing the IP?
02-07-2020 06:27 AM
02-07-2020 06:35 AM
So WYNNEAPPS1 is the name of the server that the link on our website is trying to access. Here is the link from our website: https://63.147.191.67/Ships5Web/Application/. Thank you for your help!
Here is what I have under NAT Rules
02-07-2020 06:38 AM - edited 02-07-2020 06:39 AM
You link is for HTTPS but your ACL only permits HTTP, therefore any connection on https will be dropped by the implicit deny at the end of the ACL.
You need to amend the ACL rule to include HTTPS.
You need to look at the properties of the WYNEAPPS1 and determine what IP address is defined, hopefully it is the private IP address.
02-07-2020 06:48 AM
Thank you!
I changed the Access Rule to include HTTPS
The properties of WYNNEAPPS1 show the correct ip addresses
02-07-2020 06:54 AM
02-07-2020 06:58 AM
Yes, I can access the link if I am outside of my network or on data on a cell phone. However, I still cannot access it from my computer at the office. Do I need another rule so I can access it from office network? Thanks!
02-07-2020 07:04 AM
02-07-2020 07:07 AM
So if I am on my office network and go to our website the link is not going to work. So I need to access it by using the local IP 10.0.0.3? I thought maybe if I had a rule in place, I would still be able to access it directly from our website. The reason being, all my users do not know the local IP 10.0.0.3, they would just go to our website and click the link. Any workaround for this?
02-07-2020 07:13 AM
02-07-2020 07:26 AM
Where do I create the FQDN? Is that under Access or NAT Rules?
02-07-2020 07:30 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide