Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1022
Views
0
Helpful
3
Replies

ASA Version 8.4(3) CLI NAT outside IP to inside websrv

Go to solution
actemiumparis
Level 1
Level 1

‎11-27-2012 01:20 AM - edited ‎03-11-2019 05:28 PM

-for some reasons we use 192.168.1.0 as outside IP and 10.177.235.0 as inside IP;

-a web server with ip 10.177.235.251 is installed in inside network;

-we need a outside ip (192.168.1.24) to let pc in outside network to access web server;

here are cli commands i used:

interface Vlan1

nameif inside

security-level 100

ip address 10.177.235.54 255.255.255.0

exit

interface Vlan2

nameif outside

security-level 0

ip address 192.168.1.54 255.255.255.0

exit

interface Ethernet0/0

switchport access vlan 2

exit

interface Ethernet0/1

switchport access vlan 2

exit

interface Ethernet0/2

switchport access vlan 2

exit

object network websrv-ins

host 10.177.235.251

nat (inside,outside) static  192.168.1.24

exit

access-list outside-acl permit tcp any host 10.177.235.251 eq 80

access-group outside-acl in int outside

then from a pc outside (ip:192.168.1.251) i tried to load http://192.168.1.24 and i had logs like this:

natASA8.43.PNG

i'm lost then.

have you any idea about that?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎11-27-2012 01:56 AM

Hi,

The server in the INSIDE network isnt responding to the OUTSIDE host when it tries to open/form the TCP connection. Either something at the server side is blocking the connection or the server doesnt have correct routing towards the network 192.168.1.0/24

The Firewall configuration seems fine though.

Is the server directly connected to the ASA? If yes, does the server have the correct default gateway (= ASA Vlan1 interface IP)

- Jouni

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎11-27-2012 01:56 AM

Hi,

The server in the INSIDE network isnt responding to the OUTSIDE host when it tries to open/form the TCP connection. Either something at the server side is blocking the connection or the server doesnt have correct routing towards the network 192.168.1.0/24

The Firewall configuration seems fine though.

Is the server directly connected to the ASA? If yes, does the server have the correct default gateway (= ASA Vlan1 interface IP)

- Jouni

0 Helpful

Go to solution
actemiumparis
Level 1
Level 1
In response to Jouni Forss

‎11-27-2012 02:19 AM

thank JouniForss! with gateway of 10.177.235.54 everything works fin!

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to actemiumparis

‎11-27-2012 02:20 AM

Hi,

Please rate and mark the question as answered

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card