web server not accessing internet

saleemsattar
Level 1

sh run

active# sh running-config

: Saved

:

ASA Version 8.2(5)

!

hostname active

domain-name dhalahore.org

enable password 2KFQnbNIdI.2KYOU encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

description Inside to the Core Switches

duplex full

nameif Inside

security-level 100

ip address 192.168.10.249 255.255.255.0 standby 192.168.10.250

!

interface Ethernet0/1

speed 100

duplex full

no nameif

security-level 100

ip address 192.168.11.249 255.255.255.0 standby 192.168.11.250

!

interface Ethernet0/2

  description public Server - DMZ

  duplex full

  nameif DMZ

  security-level 50

  ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2

!

interface Ethernet0/3

  description outside to the internet via router

  duplex full

  nameif Outside

  security-level 0

  ip address x.x.x.x  255.255.255.248 standby 125.209.70.91

!

interface Management0/0

  description LAN/STATE Failover Interface

  management-only

!

ftp mode passive

clock timezone PST 5

dns domain-lookup DMZ

dns domain-lookup Outside

dns server-group DEFAULT-DNS

  name-server 10.1.1.254

  name-server 10.1.1.253

dns server-group DefaultDNS

  domain-name dhalahore.org

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list 102 extended permit icmp any any

access-list 102 extended permit ip any any

access-list 102 extended permit tcp any any eq www

access-list no-nat extended permit ip 172.16.20.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list no-nat extended permit ip 172.16.30.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list no-nat extended permit ip 172.16.40.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list no-nat extended permit ip 172.16.10.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list no-nat extended permit ip 192.168.10.0 255.255.255.0 10.1.1.0 255.255.255.0

pager lines 24

logging asdm informational

mtu Inside 1500

mtu DMZ 1500

mtu Outside 1500

failover

failover lan unit primary

failover lan interface FAILOVER Management0/0

failover polltime unit 1 holdtime 3

failover polltime interface 3 holdtime 15

failover key *****

failover link FAILOVER Management0/0

failover interface ip FAILOVER 172.16.254.254 255.255.255.0 standby 172.16.254.250

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

nat-control

nat (Inside) 0 access-list no-nat

static (DMZ,Outside) tcp interface www 10.1.1.254 www netmask 255.255.255.255

access-group 102 in interface DMZ

access-group 102 in interface Outside

route Outside 0.0.0.0 0.0.0.0 x.x.x.x

route Inside 172.16.10.0 255.255.255.0 192.168.10.253 1

route Inside 172.16.20.0 255.255.255.0 192.168.10.253 1

route Inside 172.16.30.0 255.255.255.0 192.168.10.253 1

route Inside 172.16.40.0 255.255.255.0 192.168.10.253 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

http server enable

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet 192.168.10.249 255.255.255.255 Inside

telnet 0.0.0.0 0.0.0.0 Inside

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

class-map inspection_default

  match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

  parameters

   message-length maximum client auto

   message-length maximum 512

policy-map global_policy

  class inspection_default

   inspect dns preset_dns_map

   inspect ftp

   inspect h323 h225

   inspect h323 ras

   inspect rsh

   inspect rtsp

   inspect esmtp

   inspect sqlnet

   inspect skinny 

   inspect sunrpc

   inspect xdmcp

   inspect sip 

   inspect netbios

   inspect tftp

   inspect ip-options

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:40c2b65cd2dce43a13233d148832be9f

: end

7 Replies

julomban
Level 3

Hello Saleem,

I am not sure if you are having problems from the inside or DMZ but you don’t have NAT to get out on both, you are missing the following commands:

nat (inside) 1 0 0

nat (DMZ) 1 0 0

global (outside) 1 interface

Regards,

Juan Lombana

Please rate helpful posts.
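
The check behind this reply, as an added example that is not part of the original thread: with `nat-control` enabled, hosts on a higher-security interface need a `nat` rule with a matching `global` before they can reach a lower-security interface. The Python below parses an excerpt of the posted config and reports interfaces lacking such a pair, plus any `permit ip any any` ACL bound to an interface; the names `audit`, `CONFIG` and `FIX` are hypothetical, and matching interface names case-insensitively is an assumption.

```python
import re

# Excerpt of the running-config posted in the question (ASA 8.2 syntax).
CONFIG = """\
interface Ethernet0/0
 nameif Inside
 security-level 100
interface Ethernet0/2
 nameif DMZ
 security-level 50
interface Ethernet0/3
 nameif Outside
 security-level 0
access-list 102 extended permit ip any any
nat-control
nat (Inside) 0 access-list no-nat
access-group 102 in interface DMZ
access-group 102 in interface Outside
"""
# The three commands proposed in the reply above.
FIX = "nat (inside) 1 0 0\nnat (DMZ) 1 0 0\nglobal (outside) 1 interface\n"

def audit(config):
    """Report interfaces with no outbound nat/global pair and any-any ACL bindings."""
    levels, nat_ids, global_ids, any_any, findings = {}, {}, set(), set(), []
    name = None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None  # a following "no nameif" leaves this interface unnamed
        elif m := re.match(r"nameif (\S+)", line):
            name = m.group(1).lower()  # assumption: names compared case-insensitively
        elif (m := re.match(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.match(r"nat \((\S+)\) (\d+)", line):
            nat_ids.setdefault(m.group(1).lower(), set()).add(int(m.group(2)))
        elif m := re.match(r"global \(\S+\) (\d+)", line):
            global_ids.add(int(m.group(1)))
        elif m := re.match(r"access-list (\S+) extended permit ip any any$", line):
            any_any.add(m.group(1))
        elif (m := re.match(r"access-group (\S+) in interface (\S+)", line)) and m.group(1) in any_any:
            findings.append(f"acl: {m.group(1)} on {m.group(2)} permits ip any any")
    if levels and re.search(r"^nat-control$", config, re.M):
        lowest = min(levels.values())
        for ifname, level in levels.items():
            # nat id 0 is exemption/identity NAT; a dynamic rule needs a global with the same id
            usable = {i for i in nat_ids.get(ifname, ()) if i > 0} & global_ids
            if level > lowest and not usable:
                findings.append(f"nat: {ifname} has no nat/global pair for outbound traffic")
    return findings
```

On the posted excerpt, `audit(CONFIG)` reports both Inside and DMZ as lacking outbound NAT; with `FIX` appended the NAT findings clear, while the findings for ACL 102 on DMZ and Outside remain.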

jocamare
Level 4

Can you access the server internally?

I tried to ping 70.90 and I got replies, couldn't access it on port 80. [not sure if that's the real IP though]

ok jocamare ... let me contact service provider.

Why would you contact your ISP?

Can you access the server internally?

jocamare, actually I'm not in the office at this time and I will check and test on Monday ...

I have configured this command but I am still facing the same problem ... our web server is not accessing the internet ...

Kindly help me

nat (inside) 1 0 0

nat (DMZ) 1 0 0

global (outside) 1 interface

Can you describe the problem for us?

Is it about the internal server not accessing the internet?

Or maybe about external users not able to access the server from the internet?

What's the server's IP address?
