Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
331
Views
0
Helpful
4
Replies

Unable to display simple web page through nat. Yet other services work through nat

Go to solution
necrify01
Level 1
Level 1

‎04-16-2015 02:18 AM - edited ‎03-11-2019 10:47 PM

Hi. this is doing my head in.

 

We use a asa 5510 with code 7.2. I'm trying to setup access to two simple webpages from the Internet. And they don't work. Traffic comes in on 212.217.2.44 and is natted across to 172.16.16.5. Similarly traffic comes in from 212.217.2.45 and is natted to 172.16.16.3. I can see the hit count increment on the external access rule increase. I see the corressponding NAT appear in the xlate table yet I get no webpage. If I plug a laptop into the 172.16.16.x subnet I can see the webpages. There are other NAT statements such as 212.217.2.42 is natted to 172.16.16.2 and this works. The only change I have made to this config is guest wifi. I used PAT. Any help would be appreciated.

 

Tony

Labels:
Preview file
7 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Pranay Prasoon
Level 3
Level 3
In response to necrify01

‎04-16-2015 05:48 AM

do you have default route on your severs.

Please take captures and see what is happening

 

access-list out permit ip any host 212.217.2.44

access-list out permit ip host 212.217.2.44 any

cap capo interface outside access-list out

 

access-list in permit ip any host 172.16.16.5

access-list in permit ip host 172.16.16.5 any

cap capi interface dmz1 access-list in

 

Try generating traffic and see the captures

show cap capi

show cap capo

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Pranay Prasoon
Level 3
Level 3

‎04-16-2015 05:26 AM

Hi,

I did't get the description "If I plug a laptop into the 172.16.16.x subnet I can see the webpages"

 

Are you testing inbound or outbound traffic?

 

Two static statements are pointing the server in  DMZ1, also as you said that when you plug laptop it is working correctly. Where is the problem then?

 

thanks

0 Helpful

Go to solution
necrify01
Level 1
Level 1
In response to Pranay Prasoon

‎04-16-2015 05:40 AM

Hi thanks for your reply. I am testing for a request to come into the outside interface for a webpage which sits on dmz1. I don't get the webpage. If I plug a laptop into a switch which sits on dmz1 I can see the webpage so I know the web page works on the dmz1 subnet. However it doesn't work when trying to access it from the internet

0 Helpful

Go to solution
Pranay Prasoon
Level 3
Level 3
In response to necrify01

‎04-16-2015 05:48 AM

do you have default route on your severs.

Please take captures and see what is happening

 

access-list out permit ip any host 212.217.2.44

access-list out permit ip host 212.217.2.44 any

cap capo interface outside access-list out

 

access-list in permit ip any host 172.16.16.5

access-list in permit ip host 172.16.16.5 any

cap capi interface dmz1 access-list in

 

Try generating traffic and see the captures

show cap capi

show cap capo

 

0 Helpful

Go to solution
necrify01
Level 1
Level 1
In response to Pranay Prasoon

‎04-17-2015 01:20 AM

Thanks. From doing the capture we were able to work out what was happening. We saw the traffic coming into the outside interface but there was no traffic from dmz1. So we turned our attention to the switch and changed the vlan to an arbritary number and traffic started to flow. Why this worked I'm not sure.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card