Having a hell of a time getting this running. First time using ASA.
Everything internally works. Inside and DMZ can browse the internet. Webserver in the DMZ is using the DNS server on Inside. I am trying to get my public webserver access up, and I can't figure out why it's not working.
I think I've got a NAT issue?
NAT
1 (inside) to (outside) source static webserver interface service tcp www www
translate_hits = 0, untranslate_hits = 73
2 (inside) to (outside) source dynamic inside-subnet interface
translate_hits = 5657, untranslate_hits = 4
3 (dmz) to (outside) source dynamic dmz-subnet interface
translate_hits = 89979, untranslate_hits = 3
4 (inside) to (outside) source dynamic obj_any interface
translate_hits = 1881, untranslate_hits = 6
PACKET TRACE
fw-dev(config)# packet-tracer input inside tcp 192.168.5.55 12345 my.pub.ip.add 80
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in my.pub.ip.add 255.255.255.255 identity
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in my.pub.ip.add 255.255.255.255 identity
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (no-route) No route to host
No comments:
Post a Comment