Tuesday, March 24, 2020

ASA help

Hello reddit! First of all I hope everyone is staying healthy and busy during these crazy times.

I've been trying to solve this issue for over 3 days but just can't seem to wrap my brain around it. I have a webserver with an internal IP address of 192.168.2.100. It's configured to use a 1-to-1 static NAT, however I cannot load the webpage when I browse to its public IP. The error I see in the ASDM log is below.

Deny TCP (no connection) from X.X.X.X to X.X.X.X flags ACK on interface outside2

I'm really bad at working with ASA so ANY help on this would be greatly appreciated. My show run is below 

interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address X.X.X.X - (not in use)
!
interface Vlan12
description Optimum
nameif outside2
security-level 0
ip address 1.1.1.1 - (IP changed, in use)
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
object network NET-OBJ-LOCAL-NETWORK
subnet 192.168.2.0 255.255.255.0
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network websrv_ext
host 1.1.1.2 (IP changed)
object network websrv_int
host 192.168.2.100
object-group network DM_INLINE_NETWORK_2
network-object object websrv_ext
network-object object websrv_int
object-group network DM_INLINE_NETWORK_1
network-object object websrv_ext
network-object object websrv_int
access-list 101 extended permit icmp any4 any4 echo-reply
access-list 101 extended permit tcp any object websrv_int eq https
access-list 101 extended permit tcp any object websrv_int eq www
access-list 102 extended permit ip any any
access-list 102 extended permit icmp any4 any4 echo-reply
access-list 102 extended permit tcp any object websrv_ext eq www
access-list 102 extended permit tcp any object websrv_ext eq https
access-list outside2_access_in extended permit ip any4 any4
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu outside2 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
nat (inside,outside2) dynamic interface
object network websrv_int
nat (inside,outside2) static websrv_ext
access-group 102 out interface inside
access-group 101 in interface outside2

Thanks in advance for any insight you could offer
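Added example (not part of the post): a small checker for the one thing in this config that is easy to get backwards on ASA 8.3 and later, where interface ACLs are evaluated against the real (untranslated) address, so the inbound rule on the outside interface must name the internal object rather than the mapped public one. It parses a cut-down copy of the posted config, confirms that access-list 101 already permits the real object websrv_int, and contrasts it with a constructed variant that names websrv_ext instead. It only checks the NAT/ACL object pairing; the "Deny TCP (no connection)" message in the post is logged when a non-SYN segment arrives with no matching connection entry and is not an ACL verdict.

```python
"""Lint ASA 8.3+ object NAT against the inbound ACL on the mapped interface.

Since 8.3 the ASA matches interface ACLs on the real (untranslated) address,
so the rule on the outside interface must name the internal object, not the
mapped public one. Added example, not from the post; parses a 'show run' subset.
"""
import re

# Constructed sample, cut down from the post's config; public IPs as posted.
SAMPLE_CONFIG = """\
object network websrv_ext
 host 1.1.1.2
object network websrv_int
 host 192.168.2.100
access-list 101 extended permit tcp any object websrv_int eq www
access-list 101 extended permit tcp any object websrv_int eq https
object network websrv_int
 nat (inside,outside2) static websrv_ext
access-group 101 in interface outside2
"""
# Same NAT, but the ACL names the mapped object (pre-8.3 habit): a misconfig.
SAMPLE_MAPPED_ACL = SAMPLE_CONFIG.replace("object websrv_int eq", "object websrv_ext eq")

def parse_config(text):
    """Collect static NATs, per-ACL object references and inbound access-groups."""
    nats, acl_refs, inbound, cur = [], {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"object network (\S+)$", line):
            cur = m.group(1)                      # object being defined
        elif m := re.match(r"nat \((\S+),(\S+)\) static (\S+)", line):
            nats.append({"real": cur, "mapped": m.group(3), "interface": m.group(2)})
        elif m := re.match(r"access-list (\S+) extended permit \S+ \S+ object (\S+)", line):
            acl_refs.setdefault(m.group(1), set()).add(m.group(2))
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            inbound[m.group(2)] = m.group(1)
    return nats, acl_refs, inbound

def check_static_nats(text):
    """One finding per static NAT: does the inbound ACL permit the real object?"""
    nats, acl_refs, inbound = parse_config(text)
    findings = []
    for nat in nats:
        acl = inbound.get(nat["interface"])
        refs = acl_refs.get(acl, set())
        findings.append({"real": nat["real"], "mapped": nat["mapped"], "acl": acl,
                         "permits_real": nat["real"] in refs,
                         "names_mapped_only": nat["mapped"] in refs and nat["real"] not in refs})
    return findings
```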
