Showing results for 
Search instead for 
Did you mean: 


ASA 5505 8.4(2) (server:80 inside) from (outside:80) NAT/PAT/ACL


i'm new to cisco's ios on ASA 5505  Version 8.4(2) and try to configure the whole weekend the following setup but not successfully :-(

This is the actually network Setup, but the ASA 5505's are new

instead of old Greengate VPNgateways which have a to small network bandwidth on VPN.

                     HomeWorker with AnyConnect Essential




                                            ISP------- everybody

      Client                                |                                                                                             Client                       Printer                            |                                                                            

          |                            ASA 5505                                                 ASA 5505                          |                              |

          ---------------------  inside:                              inside: ---------------------------------------------------

          |                    outside:  -------ISP------  outside:188.zzz.zzz.11/29



          |     Proxy/DNS Server



          |     Http Server



          |     some other Server

          |----  10.27.1....

1.) WORKS:      The clients on the left connect to the internet threw the proxy server

2.) WORKS:      The clients on the left can connect to all other server

3.) WORKS:      The servers on the left can connect to the internet (from inside to outside)

4.) NOTworking: The clients/printers on the right should connect to the network on the right via ASA's Site2Site

5.) NOTworking: Some servers like HTTP/s SMTP/s IMAP/s on the left should available from outside (everybody without VPN)       ->     ->       ->     ->     ->

Now I need your help to get Step 5 running... 

Step 4 is on todo for the future, because i have to move the city to setup the ASA

I don't know how to setup the ACL an NAT/PAT settings in the ASA5505, every howto i have found by google is f0r older CLI version :-(

Please help !!!!!   or tell me what you need (show running-config) for example ?

Kindly regards



Re: ASA 5505 8.4(2) (server:80 inside) from (outside:80) NAT/PA


post your running config and also do a packet-tracer for traffic not working and post the results along with the config.



Don't forget to rate helpful posts.

Re: ASA 5505 8.4(2) (server:80 inside) from (outside:80) NAT/PA

Hey cadet alain,

thank you for your answer :-)

I have deleted all such attempts not working, so a packet-trace will be not very useful conent...

Here is the LogLine when i try to browse port 80 from outside ( without VPN connection:

3Nov 21 201118:29:56 access denied by ACL from to

The attached file is only the show running-config

Now i can with my AnyConnect Clients, too, but after connection is up, my vpnclients can't surf the web any longer because anyconnect serves as default route on ... that's bad, too

Actually the AnyConnect and Nat/ACL Problem are my last two open Problems until i setup the second ASA on the right ;-)




ASA 5505 8.4(2) (server:80 inside) from (outside:80) NAT/PAT/AC


traffic originated from a low security level destined to a high security levl is denied by default and you must permit the desired traffic by configuring an ACL and applying it inbound on the low security level interface.Since 8.3 you must specify the private IP address of your server in this ACL, not the public IP like before 8.3.

You didn't configure such an ACL and that's why traffic is dropped.

I've never configured AnyConnect so I can't help you for this part but other CSC members will for sure.



Don't forget to rate helpful posts.