10-17-2018 02:38 PM - edited 02-21-2020 08:22 AM
Hello
I blocked port 80 through our Cisco ASA to a particular IP but am still seeing connections being permitted in the logs. The only configuration for the IP is a NAT statement mapping it to an internal IP. Any ideas why?
Thanks
A
10-17-2018 04:00 PM
Sorry, figured it out! I have multiple public IP addresses NATted to the same private IP, and there was a rule allowing HTTP to one of the public IP objects, which effectively allowed HTTP to anything destined for the private IP. Once I removed that rule HTTP is blocked.
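The mechanism behind this answer, as an added illustration that is not from the thread or from Cisco: since ASA 8.3 an access rule is matched against the real (un-NATted) destination, so a permit written for one public-to-private object also matches traffic arriving at any other public address that statically maps to the same inside host. Addresses, object names and the ordering (permit above the poster's deny) are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed static NAT table: two mapped (public) addresses, one real (inside) host.
STATIC_NAT = {            # mapped address -> real address
    "203.0.113.10": "10.1.1.5",   # object PUB-A
    "203.0.113.11": "10.1.1.5",   # object PUB-B, same inside host as PUB-A
}

@dataclass(frozen=True)
class Rule:
    action: str      # "permit" or "deny"
    dst_real: str    # real address the rule resolves to (ASA 8.3+ semantics)
    dport: int

def untranslate(dst_mapped: str) -> str:
    """Undo static NAT for an inbound destination (unmapped addresses pass through)."""
    return STATIC_NAT.get(dst_mapped, dst_mapped)

def evaluate(acl: list[Rule], dst_mapped: str, dport: int) -> str:
    """First-match ACL evaluation against the un-NATted destination; implicit deny."""
    real = untranslate(dst_mapped)
    for rule in acl:
        if rule.dst_real == real and rule.dport == dport:
            return rule.action
    return "deny"

def mapped_addresses_sharing_real(real: str) -> list[str]:
    """Audit helper: every public address that lands on the same inside host."""
    return sorted(pub for pub, r in STATIC_NAT.items() if r == real)

# Thread scenario: an older "allow HTTP to PUB-A" rule sits above the new deny for PUB-B.
ACL_BEFORE = [
    Rule("permit", untranslate("203.0.113.10"), 80),   # allow HTTP to PUB-A
    Rule("deny",   untranslate("203.0.113.11"), 80),   # block HTTP to PUB-B
]
# What the poster did: remove the permit for the other public object.
ACL_AFTER = [r for r in ACL_BEFORE if r.action != "permit"]

if __name__ == "__main__":
    for label, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        print(label, "HTTP to PUB-B ->", evaluate(acl, "203.0.113.11", 80))
    print("public addresses the PUB-A permit also opens:",
          mapped_addresses_sharing_real("10.1.1.5"))
```

The audit helper is the check to run before adding a per-public-IP rule: if several mapped addresses share one real host, the rule must be written (and read in the logs) in terms of that real host.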
10-17-2018 03:26 PM
Can you send config and an extract of the log where you are seeing that port 80 is still being allowed?
(try the packet tracer tools in ASDM to see if the packet is allowed/denied or not)