10-28-2011 08:54 AM - edited 03-11-2019 02:43 PM
I have a server that I need to open up some ports on to allow access to the new internal SharePoint server we're setting up. I've been having some issues getting the ports open: once I put the commands in and save them, that server suddenly stops allowing outbound traffic. After looking at a few things, I noticed while I was looking at the config file that the ASDM location is showing 2 IPs. Both are the same as the server I'm trying to open ports for, one being the private IP and the other the public IP I'm trying to use. Is this the reason I'm having problems when I try to open those ports to my server? Do I need to use both a different private and public IP for this server so I can get my ports to work? The programmers selected these IPs, so if I need to change them I'll let them know in case they need to make changes for the SharePoint setup. Thanks for any help. This is on an ASA 5505.
10-28-2011 10:34 AM
Hi,
Post the config of the ASA and tell us which server IP you want to publish.
Alain.
10-28-2011 10:49 AM
Thanks, here's the config file:
ASA Version 7.2(4)
!
When I add the static for 211.92.223.250, I can't access the web or anything else outside the network. If I remove that statement, I can access the web and other services fine. This was configured by a previous admin and I'm just now having to work on it. I need to have the ports listed in the config for that IP opened so we can access SharePoint from outside the network. Is there something missing or configured wrong? Thanks for the help.
10-28-2011 11:15 AM
Hi,
I don't see anything wrong in the config.
Can you do a packet tracer for pinging 8.8.8.8 from inside with this static entry causing problems?
Alain.
10-28-2011 12:32 PM
It comes back with (acl-drop) flow is denied by configured rule. Which ACL would affect this new server? Thanks
10-28-2011 12:48 PM
Hi,
In which state have you got the drop action? OK, as ICMP is not inspected and you only permit TCP on outside inbound, then it's normal that the ping won't work, because the implicit deny at the end of the ACL blocks return traffic.
Do a packet tracer again, but for surfing to 109.69.220.68.
Regards.
Alain.
10-28-2011 12:51 PM
I selected TCP from the options when I ran the packet tracer in the ASDM console.
10-28-2011 12:53 PM
Hi,
OK, so post the output.
Alain.
10-28-2011 01:39 PM
Is there a way to copy it from the ASDM console? Thanks.
10-28-2011 02:20 PM
Hi,
Just do a print screen.
Alain.
10-28-2011 03:22 PM
Here it is.
Thanks
10-29-2011 05:31 AM
Hi,
You reversed the IP: 8.8.8.8 should be the destination and the other the source.
Redo it the correct way.
Alain.
11-03-2011 11:06 AM
Well, after fighting with the ISP, they admitted that there was an issue in the netmask on their end that was causing only the first 8 of my block of IPs to function properly, while the last 8, which were the ones I was trying to use, would not work. This has gone on for a month and I knew it wasn't an issue at my end. Thanks for all the help.