I've setup ASA 5505 using ASDM outside can't see internal webserver

proventusintl · ‎09-01-2012

I've setup ASA 5505 using ASDM but outside can't see internal webserver. when i do packet trace it gave me

(acl-drop) flow is denied by configured rule asdm. what should I do next please help. I'm using asdm 6.3(1) and asa 8.3.(1)

Thanks in advance.

Karsten Iwen · ‎09-01-2012

Most likely your ACL that is applied to the outside interface is wrong. Remember that the ACL has to use the real IP of the internal server, not the translated IP as it was in older ASA-versions.

If that doesn't help, attach your config here.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

proventusintl · ‎09-01-2012

Many thanks for your reply. What is the latest version ASA and how can I download and apply to device? We have exchange server and we need to access https but it's need to be NAT and port forwarding. Please advice! What ever and how ever I configure using asdm every thing is block from outside to inside.

Karsten Iwen · ‎09-01-2012

What is the latest version ASA and how can I download and apply to device?

The easiest is to upgrade in ASDM:

Menu Tools -> "Check for ASA/ASDM Updates"

There you login with your cisco.com-account and can directly upgrade the ASA.

What ever and how ever I configure using asdm every thing is block from outside to inside.

Then you do it wrong ... ;-)

Please post your NAT- and ACL-config. You can do that from ASDM from Tools -> "Command Line Interface":

show run nat

show access-list

show run access-group

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni