HTTPS port forwarding from outside to inside, TCP access denied by ACL

kaurtammai · ‎06-02-2016

I'm having hard times with port forwarding with Cisco ASA 5512-x. Cisco version is 9.2(1) and Device Manager Version 7.3(1)101.

I've made NAT one-to-one translation entries and also created required Access rules.

Is this related somehow to ASDM access? I've changed ASDM access port from 443 -> 8080 and no other service should be using this port.

NAT Rule :

nat (Outside,Inside) source static VMHost1 VMHost1 destination static interface VOIPJaam service HTTPS HTTPS net-to-net

Outside-In has rule VMHost1 -> Outside and Outside-Out has VMHost1 -> VOIPJaam. Inside-out has VMHost1 ->VOIPJaam.

Philip D'Ath · ‎06-02-2016

I'm having trouble understand that. What is the inside IP address of the host, and what should the outside world see it as?

kaurtammai · ‎06-03-2016

Dear Philip,

Inside aadress is 192.168.0.253. Outside world should see it as xx.xx.xx.xx:443.

xx.xx.xx.xx is our external public address, which is defined as outside interface address. Does that make it a little clearer?

Kasun Bandara · ‎06-03-2016

Hi there,

have you tested object nat? see sample below.

object network INTERNAL_SERVER
host 192.168.0.253

object network INTERNAL_SERVER
nat (inside,outside) static interface service tcp 443 443

regards

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Philip D'Ath · ‎06-03-2016

I agree with hackergk1 . For some reason I can't rate hackergk1's response.