09-01-2012 06:46 AM - edited 02-21-2020 04:43 AM
I've set up an ASA 5505 using ASDM, but the outside can't see the internal webserver. When I do a packet trace it gave me
(acl-drop) flow is denied by configured rule asdm. What should I do next? Please help. I'm using ASDM 6.3(1) and ASA 8.3.(1).
Thanks in advance.
09-01-2012 07:10 AM
Most likely your ACL that is applied to the outside interface is wrong. Remember that the ACL has to use the real IP of the internal server, not the translated IP as it was in older ASA-versions.
If that doesn't help, attach your config here.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
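The real-IP rule from the reply above, as an added example that is not part of the original posts: a static port forward for a web server written the pre-8.3 way and the 8.3+ way. All addresses, the object name WEBSERVER, the ACL name outside_access_in and TCP port 443 are assumptions chosen for illustration.

```cisco
! Constructed example. Assumed values, none of them taken from the thread:
!   real (inside) server IP    192.168.1.10
!   mapped (outside) IP        203.0.113.10
!   outside test client        198.51.100.20
! The two variants are alternatives for different software versions;
! do not paste both into one device.

! --- ASA 8.2 and earlier: the ACL matches the translated (mapped) IP ---
static (inside,outside) tcp 203.0.113.10 443 192.168.1.10 443 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq 443
access-group outside_access_in in interface outside

! --- ASA 8.3 and later: the ACL matches the real IP ---
object network WEBSERVER
 host 192.168.1.10
 nat (inside,outside) static 203.0.113.10 service tcp 443 443
access-list outside_access_in extended permit tcp any object WEBSERVER eq 443
access-group outside_access_in in interface outside

! On 8.3+ the destination is un-translated before the interface ACL is
! checked, so an ACE that still names 203.0.113.10 never matches and the
! flow falls through to the implicit deny (shown as acl-drop).

! Verify: the test packet arrives on outside addressed to the mapped IP.
packet-tracer input outside tcp 198.51.100.20 12345 203.0.113.10 443
```

In the packet-tracer output on 8.3+, the UN-NAT phase should show the destination rewritten to the real IP before the ACCESS-LIST phase is evaluated.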
09-01-2012 08:08 AM
Many thanks for your reply. What is the latest ASA version, and how can I download it and apply it to the device? We have an Exchange server and we need to access HTTPS, but it needs NAT and port forwarding. Please advise! Whatever and however I configure using ASDM, everything is blocked from outside to inside.
09-01-2012 08:30 AM
> What is the latest version ASA and how can I download and apply to device?
The easiest is to upgrade in ASDM:
Menu Tools -> "Check for ASA/ASDM Updates"
There you log in with your cisco.com account and can directly upgrade the ASA.
> Whatever and however I configure using ASDM, everything is blocked from outside to inside.
Then you do it wrong ... ;-)
Please post your NAT- and ACL-config. You can do that from ASDM from Tools -> "Command Line Interface":
show run nat
show access-list
show run access-group