- Posts: 1
- Thank you received: 0
ASA 5505 access outside IP address from inside network
14 years 10 months ago #33408
by heliart
ASA 5505 access outside IP address from inside network was created by heliart
Hi there,
So I have this issue. I have the 5505 working well. There's a machine on my inside network on 192.168.1.10 that's serving an HTTP page on port xyz.
Any external access to the outside IP address gets routed correctly to the server. i.e. any request coming in from the internet.
The problem I have is that I can't get to this server via the outside IP address from the inside network.
Example.
Outside IP = 62.255.24.64
Inside IP of server = 192.168.1.10
From a machine on the internet I can access 62.255.24.64:xyz and the access is served correctly from 192.168.1.10
From a machine on the inside network I can access 192.168.1.10:xyz and the access is served correctly
But, where it fails is that if I try to access 62.255.24.64:xyz from a machine on the inside network - this fails
It's very unclear to me what type of rule needs setting up to permit an access that looks like this?
Any help would be great.
Cheers.
Steve
So I have this issue. I have the 5505 working well. There's a machine on my inside network on 192.168.1.10 that's serving an HTTP page on port xyz.
Any external access to the outside IP address gets routed correctly to the server. i.e. any request coming in from the internet.
The problem I have is that I can't get to this server via the outside IP address from the inside network.
Example.
Outside IP = 62.255.24.64
Inside IP of server = 192.168.1.10
From a machine on the internet I can access 62.255.24.64:xyz and the access is served correctly from 192.168.1.10
From a machine on the inside network I can access 192.168.1.10:xyz and the access is served correctly
But, where it fails is that if I try to access 62.255.24.64:xyz from a machine on the inside network - this fails
It's very unclear to me what type of rule needs setting up to permit an access that looks like this?
Any help would be great.
Cheers.
Steve
14 years 9 months ago #33418
by tuanhs
dear!
three configuration step you should follow one by one:
- configuring the basic setup (interface, IP, route, management access ,icmp). Test the result by pinging and remote access the devices.
- configuring NAT rules (global NAT or static NAT)
- configuring accessl-list and access-group to allow traffic.
in your case, you should ensure that you can ping well to inside and outside addresses. then create a global NAT for your entire inside network. create a static NAT for your web server. after that create some access-list, access-group to allow traffic coming in and out. finally test the traffic. you can view log through monitoring log screen.
hope that could help!
best regards!
Replied by tuanhs on topic Re: ASA 5505 access outside IP address from inside network
Hi there,
So I have this issue. I have the 5505 working well. There's a machine on my inside network on 192.168.1.10 that's serving an HTTP page on port xyz.
Any external access to the outside IP address gets routed correctly to the server. i.e. any request coming in from the internet.
The problem I have is that I can't get to this server via the outside IP address from the inside network.
Example.
Outside IP = 62.255.24.64
Inside IP of server = 192.168.1.10
From a machine on the internet I can access 62.255.24.64:xyz and the access is served correctly from 192.168.1.10
From a machine on the inside network I can access 192.168.1.10:xyz and the access is served correctly
But, where it fails is that if I try to access 62.255.24.64:xyz from a machine on the inside network - this fails
It's very unclear to me what type of rule needs setting up to permit an access that looks like this?
Any help would be great.
Cheers.
Steve
dear!
three configuration step you should follow one by one:
- configuring the basic setup (interface, IP, route, management access ,icmp). Test the result by pinging and remote access the devices.
- configuring NAT rules (global NAT or static NAT)
- configuring accessl-list and access-group to allow traffic.
in your case, you should ensure that you can ping well to inside and outside addresses. then create a global NAT for your entire inside network. create a static NAT for your web server. after that create some access-list, access-group to allow traffic coming in and out. finally test the traffic. you can view log through monitoring log screen.
hope that could help!
best regards!
Time to create page: 0.124 seconds