cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1960
Views
0
Helpful
12
Replies

ASDM Location is using the same IP as an internal server. Problem?

aaron.grussner
Level 1
Level 1

I have a server that I need to open up some ports on to allow access to the new internal Sharepoint server we're setting up. I've been having some issues getting the ports open like once I put the commands in and save them that server suddenly stops allowing outbound traffic. After looking at a few things I noticed while I was looking at the config file that the ASDM location is showing 2 IP's, both are the same as the server I'm trying to open ports for one being the private IP and the other is the public IP I'm trying to use. Is this the reason I'm having problems when I try to open those ports to my server? Do I need to use both a different private and public IP for this server so I can get my ports to work? The programmers selected these IP's so if I need to change them I'll let them know in case they need to make changes for the Sharepoint setup. Thanks for any help. This is on an ASA 5505.

12 Replies 12

cadet alain
VIP Alumni
VIP Alumni

Hi,

post config of ASA and tell us which  server  IP you want to publish .

Alain.

Don't forget to rate helpful posts.

Thanks, here's the config file

ASA Version 7.2(4)

!

When I add the static for 211.92.223.250 I can't access the web or anything else outside the network. If I remove that statement I can access the web and other services fine. This was configured by a previous admin and I'm just now having to work on it. I need to have the ports listed in the config for that IP opened so we can access Sharepoint from outside the network. Is there something missing or configed wrong? Thanks for the help.

Hi,

I don't see anything wrong in the config.

Can you do a packet tracer for pinging 8.8.8.8 from inside with this static entry causing problems.

Alain.

Don't forget to rate helpful posts.

It comes back with (acl-drop) flow is denied by configured rule. Which ACL would affect this new server? Thanks

Hi,

in which state have you got the drop action? ok as icmp is not inspected and you only permit tcp on outside inbound then it's normal the ping won't work because the implicit deny at the end of ACL blocks return traffic.

do a packet tracer again but for surfing  to 109.69.220.68

Regards.

Alain.

Don't forget to rate helpful posts.

I selected TCP from the options when I ran the packet tracer in the ASDM console.

hi,

ok so post the output.

Alain.

Don't forget to rate helpful posts.

Is there a way to copy it from the ASDM console? Thanks.

Hi,

just do a print screen

Alain

Don't forget to rate helpful posts.

Here it is

Thanks

Hi,

you reversed the IP: 8.8.8.8 should be destination and the other the source.

Redo it the correct way.

Alain.

Don't forget to rate helpful posts.

Well after fighting with the ISP they admitted that there was an issue in the netmask on their end that was causing only the first 8 of my block of IP's to function properly while the last 8 which were the one's I was trying to use would not work. This has gone on for a month and I knew it wasn't an issue at my end. Thanks for all the help.

Review Cisco Networking for a $25 gift card