Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
664
Views
0
Helpful
1
Replies

Cannot access http,https,ssh on Cisco ASA Subinterface connected server. Though ICMP works fine..

waseem.khan
Level 1
Level 1

‎01-04-2017 11:36 PM - edited ‎03-12-2019 01:44 AM

Hi,

We are using Cisco ASA 5506-X with three internet connections. First two for Internet fail-over and third is dialing out via PPPOE. The purpose of the third internet is to allow LIVE IP's configured on sub-interface of Inside. We are able to ping Server on inside subinterface from home but can't access web services via http. I have allowed http,https traffic on relevant interfaces but still in vain. Please note that we are able to access http,https, from directly connected interfaces. Following is Cisco ASA config.

interface GigabitEthernet1/1
nameif outside
security-level 0
ip address 192.168.10.10 255.255.255.0
!
interface GigabitEthernet1/2
no nameif
no security-level
no ip address

interface GigabitEthernet1/2.103                                              \\ This is the sub-interface we are unable to access via http from home internet.                                                                            \\Server IP 115.186.173.2/29
vlan 103
nameif LIVERangeNayatel
security-level 100
ip address 115.186.173.1 255.255.255.248
!

interface GigabitEthernet1/4
nameif Nayatel                                                                      \\ PPPOE dial-out for the above sub-interface ISP
security-level 0
pppoe client vpdn group nayatelpppoe
pppoe client route track 1
ip address pppoe setroute
!

access list snap is attached.

Please note that same web server is accessible on secondary ISP Live ip if configured with that IP address. 

Labels:
Preview file
47 KB
0 Helpful
1 Reply 1

MANI .P
Level 1
Level 1

‎01-05-2017 01:20 AM

Hi ,

do packet tracer & share...

#packet-tracer input outside tcp (any public IP) 80 115.186.173.1 80 detai

regards,

Mani

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card