07-14-2008 04:01 AM - edited 03-11-2019 06:13 AM
I am facing a problem with ASA for providing Application connectivity to intranet hosts. The details are explained below:
The Network structure is as follows:
- Intranet gateway router = 172.16.150.1
- ASA outside interface = 172.16.150.3
- NAt'ed IP to app server = 172.16.150.2
- remote network gateway = 172.16.151.1
Problem:
- Intranet Gateway routers and all hosts to router at all ends can ping each other except ASA.
- Only hosts conected to the router to which ASA is connected can ping ASA outside interface and also get tcp access through ASA.
- but Intranet gateway router to which ASA is connected cant ping ASA.
- The remote hosts cant get tcp access through ASA, getting no hits on ASA interface.
- If ASA connected to Public IP over Internet with same settings (only IP changed) all host on internet can ping ASA outside interface and access web server inside.
The ASA config file is attached. Please help in resolving this problem. I want to enable access to web server inside ASA to outside Intranet on private IP's.
07-14-2008 04:11 AM
and what is your problem?
07-14-2008 05:31 AM
problem is that Intranet hosts outside ASA cannot get tcp/http access to web servers residing inside ASA even after permitting any host to inside network by access-list.
07-14-2008 05:35 AM
You should have static NAT for the Intranet hosts.
07-14-2008 05:37 AM
Which networks have private ip addresses and which networks have public ip?
07-14-2008 05:49 AM
I have used static NAT as given below
# static (inside,outside) 172.16.150.2 192.168.8.21 netmask 255.255.255.255
here no public IP is involved, 172.16.0.0/ 24 is Intranet network connected on outside interface of ASA through router 172.16.150.1, and 192.168.8.21 is web server IP connected to inside interface of ASA.
07-14-2008 06:18 AM
no access-group inside in interface inside
no access-group inside_out out interface inside
and try again
07-14-2008 06:27 AM
does it mean no access list required on inside interface. I shall try out tomorrow and revert you back.
Thanks for guidance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide