I have the following configured on an ASA running 9.1(2):
object network Webserver
 nat (DMZ,outside) static 18.104.22.168
Access-list knock_knock extended permit tcp any object Webserver eq http
Access-group knock_knock in interface outside
BUT.. I still cannot get to the webserver from the outside (internet), so I captured some logs and found that the NAT and access list mentioned above are actually working (please see the attached screen capture).
The NAT is definitely working since my independent test from the outside registers as "hits" each time I try to get to the HTTP server. The logs tell me that it Builds and Tears down the attempted connection instantaneously. Since I know that the NAT and the access list on the outside interface are both working components, troubleshooting them would be a waste of time. The Server itself can access the internet (outside) without any issues from behind the DMZ where it lives. I tested its ability to do so by logging on and browsing the internet (yahoo, CNN etc..) so the basic principles of the server are fine (IP, Gateway Subnet connectivity etc..).
If the packet tracer shows as allowed, I would do a packet capture. This will give us a good idea if the packets are entering and leaving the outside interface, as well as entering and leaving the inside interface. Please post the results here for further assistance.
Here is a link on how to perform a packet capture:
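
An added example, not part of the thread and not Cisco tooling: one way to read the Built/Teardown pairs the original post describes is to pair ASA 302013/302014 syslog lines by connection ID and look at the teardown reason, duration and byte count. The log lines, addresses and the `summarize` helper below are constructed for illustration.

```python
import re

# Constructed sample lines in the ASA 302013/302014 format (not the poster's logs);
# all addresses are documentation placeholders.
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 4101 for outside:203.0.113.10/51000 (203.0.113.10/51000) to DMZ:192.0.2.10/80 (198.51.100.5/80)
%ASA-6-302014: Teardown TCP connection 4101 for outside:203.0.113.10/51000 to DMZ:192.0.2.10/80 duration 0:00:00 bytes 0 TCP Reset-I
%ASA-6-302013: Built inbound TCP connection 4102 for outside:203.0.113.10/51001 (203.0.113.10/51001) to DMZ:192.0.2.10/80 (198.51.100.5/80)
%ASA-6-302014: Teardown TCP connection 4102 for outside:203.0.113.10/51001 to DMZ:192.0.2.10/80 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-302013: Built inbound TCP connection 4103 for outside:203.0.113.10/51002 (203.0.113.10/51002) to DMZ:192.0.2.10/80 (198.51.100.5/80)
%ASA-6-302014: Teardown TCP connection 4103 for outside:203.0.113.10/51002 to DMZ:192.0.2.10/80 duration 0:00:02 bytes 5321 TCP FINs
"""

BUILT = re.compile(r"%ASA-6-302013: Built (inbound|outbound) TCP connection (\d+) "
                   r"for (\S+) \(\S+\) to (\S+) \(\S+\)")
TEARDOWN = re.compile(r"%ASA-6-302014: Teardown TCP connection (\d+) for .+? "
                      r"duration (\d+):(\d\d):(\d\d) bytes (\d+)\s*(.*)$")

# What each teardown reason suggests checking next (defender's triage notes).
HINTS = {
    "TCP Reset-I": "RST from the higher-security side: check the server's listener and host firewall",
    "TCP Reset-O": "RST from the lower-security side: the client or an upstream device reset it",
    "SYN Timeout": "handshake never completed: capture on both interfaces to find the missing SYN-ACK",
    "TCP FINs": "normal close",
}

def summarize(log_text):
    """Pair Built/Teardown lines by connection ID and describe each connection."""
    built, results = {}, []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            built[m.group(2)] = (m.group(1), m.group(3), m.group(4))
            continue
        m = TEARDOWN.search(line)
        if m and m.group(1) in built:
            direction, src, dst = built.pop(m.group(1))
            secs = int(m.group(2)) * 3600 + int(m.group(3)) * 60 + int(m.group(4))
            text = m.group(6).strip()
            # Newer releases may append text after the reason, so match by prefix.
            reason = next((k for k in HINTS if text.startswith(k)), text)
            results.append({"id": m.group(1), "direction": direction, "src": src,
                            "dst": dst, "seconds": secs, "bytes": int(m.group(5)),
                            "reason": reason, "empty": int(m.group(5)) == 0,
                            "hint": HINTS.get(reason, "see the ASA syslog reference")})
    return results

if __name__ == "__main__":
    for c in summarize(SAMPLE_LOG):
        print(f"{c['id']} {c['src']} -> {c['dst']} {c['seconds']}s "
              f"{c['bytes']}B {c['reason']}: {c['hint']}")
```

A connection that is built and torn down with zero bytes means the ACL and NAT passed the SYN; the teardown reason then says which side to capture on.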