01-04-2017 11:36 PM - edited 03-12-2019 01:44 AM
Hi,
We are using Cisco ASA 5506-X with three internet connections. First two for Internet fail-over and third is dialing out via PPPOE. The purpose of the third internet is to allow LIVE IP's configured on sub-interface of Inside. We are able to ping Server on inside subinterface from home but can't access web services via http. I have allowed http,https traffic on relevant interfaces but still in vain. Please note that we are able to access http,https, from directly connected interfaces. Following is Cisco ASA config.
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address 192.168.10.10 255.255.255.0
!
interface GigabitEthernet1/2
no nameif
no security-level
no ip address
interface GigabitEthernet1/2.103 \\ This is the sub-interface we are unable to access via http from home internet. \\Server IP 115.186.173.2/29
vlan 103
nameif LIVERangeNayatel
security-level 100
ip address 115.186.173.1 255.255.255.248
!
interface GigabitEthernet1/4
nameif Nayatel \\ PPPOE dial-out for the above sub-interface ISP
security-level 0
pppoe client vpdn group nayatelpppoe
pppoe client route track 1
ip address pppoe setroute
!
access list snap is attached.
Please note that same web server is accessible on secondary ISP Live ip if configured with that IP address.
01-05-2017 01:20 AM
Hi ,
do packet tracer & share...
#packet-tracer input outside tcp (any public IP) 80 115.186.173.1 80 detai
regards,
Mani
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide