Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
573
Views
0
Helpful
1
Replies

Cisco ASAv Nginx Load Balancer Upstream not working.

joematrix77
Level 1
Level 1

‎01-19-2023 10:39 AM

Hey guys I'm having an issue where the traffic flow gets dropped to secondary Load Balancer upstream to the LAN here is my config, am I missing something? I also attached a network diagram for reference to what I am trying to get accomplished. Any suggestions will be greatly appreciated! Also How do I disable the Any Connect Portal?

Thanks in Advance!

 

interface GigabitEthernet0/0
description to WAN
nameif outside
security-level 0
ip address 192.168.1.167 255.255.255.0
no shut
!
interface GigabitEthernet0/1
description to LAN
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
no shut
!
interface GigabitEthernet0/6
description to LAN-EXT
nameif lan-ext
security-level 40
ip address 10.4.45.1 255.255.255.240
no shut
!
interface GigabitEthernet0/7
description to DMZ-INT
nameif dmz-int
security-level 30
ip address 10.4.44.1 255.255.255.240
no shut
!
interface GigabitEthernet0/8
description to DMZ-EXT
nameif dmz-ext
security-level 20
ip address 10.4.43.1 255.255.255.240
no shut
!
nat (inside,outside) after-auto source dynamic any interface
nat (dmz-int,outside) after-auto source dynamic any interface
nat (dmz-ext,outside) after-auto source dynamic any interface
nat (lan-ext,dmz-int) after-auto source dynamic any interface
nat (dmz-int,dmz-ext) after-auto source dynamic any interface
!
route outside 0.0.0.0 0.0.0.0 192.168.1.1
!
policy-map global_policy
class inspection_default
inspect icmp
!
object network WWW-EXT
host 10.4.43.2
!
object network WWW-INT
host 10.4.44.2
!
object service WEB-SERVICE
service tcp source eq WWW
!
nat (dmz-ext,outside) source static WWW-INT WWW-EXT service WEB-SERVICE WEB-SERVICE
!
access-list OUTSIDE extended permit tcp any object WWW-INT eq WWW
!
access-group OUTSIDE in interface outside
!
object network INSIDE-NET
subnet 192.168.0.0 255.255.255.0
!
object network DMZ-INT-NET
subnet 10.4.44.0 255.255.255.240
!
object network LAN-EXT-NET
subnet 10.4.45.0 255.255.255.240
!
object network DMZ-EXT
host 10.4.43.2
!
access-list DMZ-EXT-ACL extended permit tcp any object DMZ-EXT eq WWW
access-list DMZ-EXT-ACL extended deny ip any object INSIDE-NET
access-list DMZ-EXT-ACL extended deny ip any object DMZ-INT-NET
access-list DMZ-EXT-ACL extended deny ip any object LAN-EXT-NET
access-list DMZ-EXT-ACL extended permit ip any any
!
access-group DMZ-EXT-ACL in interface DMZ-EXT
 
Internet Network Diagram Template.png

 

0 Helpful
1 Reply 1

joematrix77
Level 1
Level 1

‎01-19-2023 10:49 AM

P.S. I added this to the NAT rules:

nat (inside,lan-ext) after-auto source dynamic any interface
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card