08-20-2010 02:21 PM - edited 03-11-2019 11:28 AM
OK, that's it. I am now 6 hours overtime in the office and I cannot get it to work.
I have this:
SG-BN001#sh zone security
zone self
Description: System defined zone
zone out-zone
Member Interfaces:
GigabitEthernet0/1.1
GigabitEthernet0/1.2
zone in-zone
Member Interfaces:
Tunnel0
Tunnel1
GigabitEthernet0/0.1
GigabitEthernet0/0.2
GigabitEthernet0/0.5
Virtual-Template1
SSLVPN-VIF0
zone dmz-zone
Member Interfaces:
GigabitEthernet0/0.3
I have a server in the DMZ. I want to access port 8080 and port 8443.
I can't get it to work!
I have some other servers in the DMZ working with port forwarding.
I use CCP -> I create a rule on the OUT to DMZ zone.
I use an object group, add this server, create custom ports for it, add them and... no, it isn't working!
Even when I allow IP for ALL DMZ machines, I can only connect to port 8080. I could never connect to the second port at the same time.
Is it me? Am I too stupid?
Using 2800x with 12.4
08-20-2010 02:49 PM
Does your NAT config look OK for port 8443 to this server in the DMZ?
Unfortunately, the section of the config that you posted is not enough to find out what might be going on.
Issue
conf t
ip inspect log drop
then try the connection and see what the logs say.
-KS
08-20-2010 03:17 PM
Hmm, I did, but my connection doesn't show up.
Well, I just added IP to inspect ANY ANY on the OUT - TO - DMZ ZONE,
then 8080 is working
but
8443 not.
I can't understand this.
My DMZ interfaces are NAT INSIDE,
but removing NAT doesn't change anything.
08-20-2010 03:38 PM
What does your "sh run | i nat" output look like?
Do you have translation for 8443?
-KS
08-20-2010 03:39 PM
08-20-2010 03:41 PM
No translation. Also, when I try 8081, 8082, etc., this is ALSO not working!
8080 is the only one that works..
:-/
08-21-2010 04:36 PM
Are you sure this works internally? Meaning, if you load the page from the inside or on a computer on the DMZ, does it work? I just want to make sure that the DMZ host is listening on these ports.
-KS
08-22-2010 08:20 AM
Well, thanks for your help kusan..... actually I fixed it.
The problem was, I think, that there was no access-group on the interfaces.
I made access lists ip any any and applied them to the interfaces.
AFTER THAT everything worked like I configured it in CCP.
I have no idea why.. but now it's working!
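For reference, a CLI sketch of the setup the thread discusses: an out-zone to dmz-zone inspection policy limited to TCP 8080 and 8443, plus a static port translation for each port. This is an added example, not the poster's configuration or CCP's generated output; the server address 192.0.2.10 and all ACL, class-map, policy-map and zone-pair names are assumptions, and only the zone and interface names come from the thread.

```cisco
! Constructed example. 192.0.2.10 is a placeholder for the DMZ server's real address.
! Inbound traffic is translated before the zone policy is evaluated, so the ACL
! matches the server's real (inside local) address, not the public one.
ip access-list extended ACL-DMZ-WEB
 permit tcp any host 192.0.2.10 eq 8080
 permit tcp any host 192.0.2.10 eq 8443
!
class-map type inspect match-all CM-OUT-DMZ-WEB
 match access-group name ACL-DMZ-WEB
!
policy-map type inspect PM-OUT-DMZ
 class type inspect CM-OUT-DMZ-WEB
  inspect
 ! Log anything else so a blocked port shows up in the logs
 class class-default
  drop log
!
zone-pair security ZP-OUT-DMZ source out-zone destination dmz-zone
 service-policy type inspect PM-OUT-DMZ
!
! One static port translation per published port. A policy entry for 8443 has
! nothing to match if only 8080 is translated.
! Assumes "ip nat outside" on GigabitEthernet0/1.1 and "ip nat inside" on the DMZ interface.
ip nat inside source static tcp 192.0.2.10 8080 interface GigabitEthernet0/1.1 8080
ip nat inside source static tcp 192.0.2.10 8443 interface GigabitEthernet0/1.1 8443
!
! Checks after a connection attempt:
!   show policy-map type inspect zone-pair ZP-OUT-DMZ
!   show ip nat translations
```

The per-class counters in the first show command tell you whether a connection reached the zone pair and which class handled it; the second shows whether a translation exists for each port.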