02-13-2006 03:31 AM - edited 02-21-2020 12:42 AM
I need to allow outbound access to an IP address on destination port tcp:8443 using https. Simply adding the rule to the rule base doesn't permit the connection even when just restricted by source/destination ip address. Is this because of default-inspection or some other service-policy? Where do I start looking for clues?
Barry.
02-13-2006 01:37 PM
Can you post your scenario, e.g. with IPs? I believe you might need to create some kind of NAT/static with ports.
02-13-2006 08:55 PM
When you say "outbound access" do you mean that the destination host is on the Internet, or does "outbound access" mean access from the Internet to an inside host? If it's the first meaning, do you have an access list applied to the internal (higher security level) interface? If it's the second meaning, you can use the static command to do a port redirection if I understand what you are wanting to do correctly. Something similar to the following may work for you:
static (inside,outside) tcp 1.1.1.1 8443 2.2.2.2 443
where 1.1.1.1 = public IP address,
and 2.2.2.2 = private IP address
Hope this helps...
02-14-2006 01:14 AM
Just to clarify, the access is from devices attached to E1 to an Internet IP address. These devices are using a global NAT outbound, and standard http and https work OK. Connections to this destination address on tcp:8443 work when they aren't via the ASA.
Barry.