
port 80 not visible?

Maurizio Caloro
Level 1

Trying to open port 80 on a 5506 with the following syntax on the CLI:

 

object network WEB_SRV

    host 192.168.1.9

 

object service HTTP
    service tcp destination eq www

 

object-group network Internal_hosts
    network-object 192.168.1.0 255.255.255.0

nat (inside_6,outside) source dynamic Internal_hosts interface destination static WEB_SRV any service HTTP HTTP

 

access-list outside_acl extended permit tcp any object WEB_SRV eq www
access-group outside_acl in interface outside

 

asa# sh int ip brief
Interface             IP-Address    Name      OK?  Method  Status  Protocol
Virtual0              127.1.0.1               YES  unset   up      up
GigabitEthernet1/1    ip from ISP   outside   YES  DHCP    up      up
GigabitEthernet1/2    unassigned    inside_1  YES  unset   down    down
GigabitEthernet1/3    192.168.1.1   inside_2  YES  unset   down    down
GigabitEthernet1/4    192.168.1.1   inside_3  YES  unset   up      up
GigabitEthernet1/5    192.168.1.1   inside_4  YES  unset   up      up
GigabitEthernet1/6    192.168.1.1   inside_5  YES  unset   up      up
GigabitEthernet1/7    192.168.1.1   inside_6  YES  unset   down    down
GigabitEthernet1/8    192.168.1.1   inside_7  YES  unset   up      up
Internal-Control1/1   unassigned              YES  unset   down    down
Internal-Data1/1      unassigned              YES  unset   up      down
Internal-Data1/2      unassigned              YES  unset   down    down
Internal-Data1/3      unassigned              YES  unset   up      up
Internal-Data1/4      169.254.1.1             YES  unset   up      up
Management1/1         unassigned              YES  unset   down    down
BVI1                  192.168.1.1   inside    YES  manual  up      up

 

I think this is the way, but the port is still closed. Thanks for any possible update.


Marvin Rhoads
Hall of Fame

In this line:

nat (inside_6,outside) source dynamic Internal_hosts interface destination static WEB_SRV any service HTTP HTTP

... you are NATting internal hosts with destination WEB_SRV - also an internal host - but you have specified it as outside.

What's your goal? I would normally expect you have an internal web server that you want to allow incoming traffic (from outside) to reach it (on inside). In that case, the NAT may or may not be required, depending on if this is a lab (with the private addresses exposed on both sides) or an Internet connection (private inside, public outside addresses).
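
For the Internet-connection case described in the reply above (private inside, public outside), an inbound port forward is normally written as static object NAT rather than the dynamic twice-NAT rule in the question. This is an added example, not configuration from either poster. It assumes the web server is attached to the member interface named inside_4 (substitute the interface it is really plugged into), and 203.0.113.10 and port 12345 are constructed test values.

```cisco
! Added example. Assumption: WEB_SRV (192.168.1.9) sits behind member
! interface inside_4; replace with the interface the server is attached to.

! Remove the rule from the question: it translates inside sources and
! treats WEB_SRV as a destination reachable through outside.
no nat (inside_6,outside) source dynamic Internal_hosts interface destination static WEB_SRV any service HTTP HTTP

! Static PAT: outside interface address, TCP/80 -> 192.168.1.9, TCP/80.
object network WEB_SRV
 host 192.168.1.9
 nat (inside_4,outside) static interface service tcp www www

! The inbound ACL matches the real (untranslated) server address and
! opens only TCP/80 to that single host.
access-list outside_acl extended permit tcp any object WEB_SRV eq www
access-group outside_acl in interface outside

! Verification from the ASA CLI (replace <outside-ip> with the address
! the ISP assigned to GigabitEthernet1/1):
!   packet-tracer input outside tcp 203.0.113.10 12345 <outside-ip> 80
!   show nat detail
!   show access-list outside_acl
```

The packet-tracer output lists each phase (UN-NAT, ACCESS-LIST, NAT) with an ALLOW or DROP result, which shows whether the translation or the ACL is what keeps the port closed.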
