07-13-2018 05:16 AM - edited 02-21-2020 07:59 AM
Older 8.2 ASA will not let us get HTTPS out to an Intranet server. It sends other traffic just fine to private RFC1918 space; it just won't do it to a public IP that happens to be on the inside.
I've checked everything and tried everything. I'm getting hits on the ACLs that I've applied.
There's an ANY ANY already applied to the inside interface. I'm wondering if I can do an ANY ANY on the outside just to test and see if this traffic makes it through.
Also, what about dropping the SECURITY on the interface from 100 to 0? Would that open it up? I've never done this, so I'm not sure if there are going to be some ramifications on a live network.
Any help would be greatly appreciated.
07-13-2018 06:53 AM
I wouldn't do an ANY ANY on your outside (although it's possible, it permits all from external). Don't drop your security level on outside either.
Two things you need to do:
- Allow port 443 from any on your outside interface to the internal IP address of the HTTPS server.
- NAT destination outside (on the public IP address of the outside interface) from any on port 443 to the inside private IP address of the HTTPS server.
Have you got a working example of a port forward that is already working that you can copy?
Also run the packet tracer tool to verify the ASA logic.
07-13-2018 11:29 AM
The ASA is all Internal over Fiber, there's no "Internet" connection, it's INTRANET Only so it's secure.
I've done an ANY ANY and it doesn't seem to work.
I'm currently investigating lowering the security to 0 but have never done that. Technically, it should've never been a 100 in the first place; they were just being ridiculous.
07-13-2018 09:13 PM
As @Dennis Mink said, "run packet tracer tool".
Packet-tracer will show you what happens as the traffic flows through the ASA.
If packet-tracer reports it as OK, then run packet capture. The capture will show you the traffic leaving the ASA and whether or not return traffic is coming from the destination server.
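The packet-tracer and capture sequence suggested above, written out as an added example (not part of any post in this thread). The addresses 10.1.1.10 (client) and 203.0.113.10 (HTTPS server), source port 12345, the interface names `inside` and `outside`, and the names CAP-HTTPS, CAP-IN and CAP-OUT are constructed placeholders; substitute the real client, server and ingress/egress interfaces.

```text
! Step 1 (privileged EXEC): simulate the client's HTTPS SYN entering the ASA.
! Read the phases top to bottom; the first phase showing "Result: DROP" and
! the Drop-reason in the final result identify the check that blocks the flow.
packet-tracer input inside tcp 10.1.1.10 12345 203.0.113.10 443 detailed

! Step 2 (global config): define the flow to capture, in both directions.
access-list CAP-HTTPS extended permit tcp host 10.1.1.10 host 203.0.113.10 eq 443
access-list CAP-HTTPS extended permit tcp host 203.0.113.10 eq 443 host 10.1.1.10

! Step 3 (privileged EXEC): capture on the ingress and egress interfaces,
! then retry the HTTPS connection from the client.
capture CAP-IN access-list CAP-HTTPS interface inside
capture CAP-OUT access-list CAP-HTTPS interface outside
show capture CAP-IN
show capture CAP-OUT

! Reading the result:
!   SYN in CAP-IN, nothing in CAP-OUT  -> the ASA drops or routes it elsewhere.
!   SYN in CAP-OUT, no SYN-ACK back    -> server or return path, not the ASA.
!   If the ASA translates the client address, CAP-OUT must match the
!   translated address instead of 10.1.1.10.

! Step 4: remove the captures and the capture ACL when finished.
no capture CAP-IN
no capture CAP-OUT
clear configure access-list CAP-HTTPS
```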