Solved: Cant access server from outside to inside

adel85 · ‎11-09-2020

we have cisco ASA, i have NAT for outside public ip (lets say) 1.1.1.5 to private ip (lets say) 192.168.1.5

the rule : nat (outside,inside) 5 source static any any destination static 1.1.1.5 192.168.1.5

and i have access-list: access-list outside_access_in line 3 extended permit ip any object 1.1.1.5

everything i reachable from inside even the server is going to the internet with the NAT ip 1.1.1.5

but i cant reach the server from outside.

Rob Ingram · ‎11-09-2020

Hi @adel85

Try this:-

no nat (outside,inside) 5 source static any any destination static 1.1.1.5 192.168.1.5
no access-list: access-list outside_access_in line 3 extended permit ip any object 1.1.1.5

object network SERVER
 host 192.168.1.5
 nat (inside,outside) static 1.1.1.5
!
access-list outside_access_in extended permit ip any host 192.168.1.5

It's not wise permitting all traffic inbound from the internet, you may wish to lock down the ACL to permit only the required ports.

HTH

View solution in original post

Rob Ingram · ‎11-09-2020

Hi @adel85

Try this:-

no nat (outside,inside) 5 source static any any destination static 1.1.1.5 192.168.1.5
no access-list: access-list outside_access_in line 3 extended permit ip any object 1.1.1.5

object network SERVER
 host 192.168.1.5
 nat (inside,outside) static 1.1.1.5
!
access-list outside_access_in extended permit ip any host 192.168.1.5

It's not wise permitting all traffic inbound from the internet, you may wish to lock down the ACL to permit only the required ports.

HTH

adel85 · ‎11-09-2020

you are right but for now i am trying to to connect it from outside to reach it then i will permit specific ports

adel85 · ‎11-09-2020

thx,problem solved

i had to access list the private IP not the public ip