03-06-2015 03:10 PM - edited 03-11-2019 10:36 PM
Hello,
i have a problem with a single port forward with 9.2 ASA (5505). Here is the related config.:
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 10.168.50.5 eq www log
access-list DMZ_in extended permit ip any any
nat (DMZ,outside) source dynamic obj_any interface
nat (DMZ,outside) source static any any destination static VPN_Pool VPN_Pool no-proxy-arp route-lookup
nat (outside,DMZ) source dynamic any interface destination static Public_Server Public_Server service HTTP HTTP
object network Public_Server
nat (DMZ,outside) static interface service tcp www www
access-group outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
When i try to access the server, the console said ACL drops. The packet tracer said that it dropped in the implicit deny rule. Can you help me what can be the problem?
Thank You!
Solved! Go to Solution.
03-08-2015 06:08 AM
I noticed that you also changed the syntax from "www" to "http" in your recommendation. So let's call it OUR suggestion. I think that may be why there were no hits on the object NAT rule. Maybe if the test is successful the rule can be moved back to section 2 under the Public_Server object just to see if the ASA recognizes protocol "www"
03-08-2015 06:19 AM
I think that's worth doing if only so we at least know for sure because this has been quite a confusing thread :-)
Jon
03-08-2015 05:55 AM
Something else I find a bit strange is the protocol in the NAT rule. My ASA running 9.x code does not hae a tcp service "www" it only has "http". I know in the Cisco IOS http is referred to as "www".
Can you try to change your tcp protocol statement to "http" instead of "www"?
Just a thought. It could be that is why there are no hits on the Object NAT rule.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide