ASDM Location is using the same IP as an internal server. Problem?

aaron.grussner · ‎10-28-2011

I have a server that I need to open up some ports on to allow access to the new internal Sharepoint server we're setting up. I've been having some issues getting the ports open like once I put the commands in and save them that server suddenly stops allowing outbound traffic. After looking at a few things I noticed while I was looking at the config file that the ASDM location is showing 2 IP's, both are the same as the server I'm trying to open ports for one being the private IP and the other is the public IP I'm trying to use. Is this the reason I'm having problems when I try to open those ports to my server? Do I need to use both a different private and public IP for this server so I can get my ports to work? The programmers selected these IP's so if I need to change them I'll let them know in case they need to make changes for the Sharepoint setup. Thanks for any help. This is on an ASA 5505.

cadet alain · ‎10-28-2011

Hi,

post config of ASA and tell us which server IP you want to publish .

Alain.

Don't forget to rate helpful posts.

aaron.grussner · ‎10-28-2011

Thanks, here's the config file

ASA Version 7.2(4)

!

When I add the static for 211.92.223.250 I can't access the web or anything else outside the network. If I remove that statement I can access the web and other services fine. This was configured by a previous admin and I'm just now having to work on it. I need to have the ports listed in the config for that IP opened so we can access Sharepoint from outside the network. Is there something missing or configed wrong? Thanks for the help.

cadet alain · ‎10-28-2011

Hi,

I don't see anything wrong in the config.

Can you do a packet tracer for pinging 8.8.8.8 from inside with this static entry causing problems.

Alain.

Don't forget to rate helpful posts.

aaron.grussner · ‎10-28-2011

It comes back with (acl-drop) flow is denied by configured rule. Which ACL would affect this new server? Thanks

cadet alain · ‎10-28-2011

Hi,

in which state have you got the drop action? ok as icmp is not inspected and you only permit tcp on outside inbound then it's normal the ping won't work because the implicit deny at the end of ACL blocks return traffic.

do a packet tracer again but for surfing to 109.69.220.68

Regards.

Alain.

Don't forget to rate helpful posts.

aaron.grussner · ‎10-28-2011

I selected TCP from the options when I ran the packet tracer in the ASDM console.

cadet alain · ‎10-28-2011

hi,

ok so post the output.

Alain.

Don't forget to rate helpful posts.

aaron.grussner · ‎10-28-2011

Is there a way to copy it from the ASDM console? Thanks.

cadet alain · ‎10-28-2011

Hi,

just do a print screen

Alain

Don't forget to rate helpful posts.

aaron.grussner · ‎10-28-2011

Here it is

Thanks

cadet alain · ‎10-29-2011

Hi,

you reversed the IP: 8.8.8.8 should be destination and the other the source.

Redo it the correct way.

Alain.

Don't forget to rate helpful posts.

aaron.grussner · ‎11-03-2011

Well after fighting with the ISP they admitted that there was an issue in the netmask on their end that was causing only the first 8 of my block of IP's to function properly while the last 8 which were the one's I was trying to use would not work. This has gone on for a month and I knew it wasn't an issue at my end. Thanks for all the help.