08-14-2018 10:09 PM - edited 02-21-2020 08:06 AM
Having issues with port forwarding eq www. Ran packet-tracer, yielding the following:
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop X.X.X.X using egress ifc identity
Phase: 2
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
We have built many on ASA 5506 firmware 9.61. Has Cisco CLI language changed that much from firmware 9.61 to 9.81? Any help is much appreciated.
Thank You,
SA
08-15-2018 12:05 AM
08-16-2018 09:26 AM
At this moment we only have one ACL. We have additional ones to create later. It is access-list out-to-in extended permit tcp any host 192.168.1.100 eq www
08-18-2018 01:09 PM
Still not working. Here is the config:
****FIREWALL(config)# sh run object
object network obj-192.168.1.100
host 192.168.1.100
object service obj-80
service tcp source eq www
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj_inside
subnet 192.168.1.0 255.255.255.0
****FIREWALL(config)# sh run access-l
access-list out-to-in extended permit tcp any host 192.168.1.100 eq www
****FIREWALL(config)# sh run nat
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static obj-192.168.1.100 interface service obj-80 obj-80
08-18-2018 08:02 PM
Working. Issue was NAT statement.
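An added example, not code from any poster or from Cisco: a small Python parser for the packet-tracer output in the first post. It reports the dropping phase and two things a working port-forward trace would show differently, namely a UN-NAT phase and a real egress interface instead of NP Identity Ifc. The sample text is constructed from the post's trace, and the function names are hypothetical.

```python
import re

# Constructed sample: the trace from the first post, trimmed to the lines the parser reads.
SAMPLE = """Phase: 1
Type: ROUTE-LOOKUP
Result: ALLOW
found next-hop X.X.X.X using egress ifc identity
Phase: 2
Type: NAT
Subtype: per-session
Result: ALLOW
Phase: 3
Type: ACCESS-LIST
Result: DROP
Config:
Implicit Rule
Result:
output-interface: NP Identity Ifc
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_phases(text):
    """Return one dict per 'Phase:' block; unrecognised lines go to 'extra'."""
    phases = []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(Phase|Type|Subtype|Result):\s*(.*)$", line)
        if m and m.group(1) == "Phase":
            phases.append({"Phase": int(m.group(2)), "extra": []})
        elif m and phases and m.group(1) not in phases[-1]:
            phases[-1][m.group(1)] = m.group(2)
        elif phases and line:
            phases[-1]["extra"].append(line)  # includes the trailing summary block
    return phases

def diagnose(text):
    """List what the trace says about an inbound port-forward that was dropped."""
    phases = parse_phases(text)
    findings = []
    drop = next((p for p in phases if p.get("Result") == "DROP"), None)
    if drop:
        findings.append(f"dropped in phase {drop['Phase']} ({drop.get('Type')})")
        if "Implicit Rule" in drop["extra"]:
            findings.append("hit the implicit deny, not a configured ACE")
    if not any(p.get("Type") == "UN-NAT" for p in phases):
        findings.append("no UN-NAT phase: destination was never untranslated")
    if re.search(r"output-interface:\s*NP Identity Ifc", text):
        findings.append("egress is the ASA itself (NP Identity Ifc)")
    return findings
```

Run against the first post's trace, `diagnose(SAMPLE)` returns all four findings, which together point at the NAT rule rather than the ACL: the packet was treated as traffic to the firewall's own address.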