10-30-2014 02:23 PM - edited 03-11-2019 10:00 PM
I have a security camera server with a web interface that formerly used a port forward in the service provider's modem/router to allow access to this interface from the internet. A 5505 ASA was installed after the modem to create a VPN to allow remote support. The VPN is configured and operational, but the web interface is no longer accessible. This site also has only one public IP address, and the server is on the only subnet that is configured.
The port forward was removed from the ISP modem/router, and I have configured port forwarding to the server on port 80. I also have configured an ACL to allow access from the outside to port 80. However, when attempting to access the server the logging shows:
TCP access denied by ACL from X.X.X.X/51945 to outside:X.X.X.X/80
I have attached my config file; please take a look and see what is causing this issue.
Thanks,
Jason
10-30-2014 02:37 PM
Hi Jmoritz,
You should add a nat statement for the object network milestone:
object network milestone
nat (inside,outside) static interface service tcp 80 80
By doing so, host 10.1.33.238 would be natted to the outside interface, so any connection on port 80 on the outside interface would be forwarded to it on port 80.
Regards,
Aref
10-31-2014 06:02 AM
Aref,
I entered the commands as you suggested, but I am still getting the same results. Is there anything else that I can do?
10-31-2014 09:00 AM
Try to clear the xlate table and local host table with these commands and try again, and please remember that the IP address of the server on the access list has to be the real "private" IP address:
clear xlate
clear local-host
Regards,
Aref
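The pieces from the replies above, combined into one configuration as an added example (not taken from either poster's config). It assumes ASA software 8.3 or later, where object NAT is used and interface ACLs are matched against the real address; the ACL name OUTSIDE_IN, the source 198.51.100.10 and the `<outside-ip>` placeholder are assumptions.

```cisco
! Added example. OUTSIDE_IN is a hypothetical ACL name.
! 10.1.33.238 is the server's real address as given in the thread.
object network milestone
 host 10.1.33.238
 nat (inside,outside) static interface service tcp 80 80
!
! The outside ACL is checked after the destination is un-translated,
! so the permit entry names the real (private) host, not the public address.
! An entry whose destination is the public (mapped) address will not match.
access-list OUTSIDE_IN extended permit tcp any object milestone eq 80
access-group OUTSIDE_IN in interface outside
!
! From privileged EXEC: flush stale translations and connections.
clear xlate
clear local-host
!
! Confirm the NAT rule and watch the ACL hit counter.
show nat detail
show access-list OUTSIDE_IN
!
! Simulate an inbound connection. 198.51.100.10 is a constructed source;
! replace <outside-ip> with the ASA's public address.
packet-tracer input outside tcp 198.51.100.10 51945 <outside-ip> 80
```

The packet-tracer output lists each processing phase in order, so it shows whether the packet is dropped at the access-list check or at the NAT step.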