
New installation Cisco ASA 5505


taarg
Hi, I'm trying to configure a Cisco ASA 5505 and am having some problems with the HTTP traffic to an inside server.

My hardware configuration:

Internet with static IP -> Cisco ASA 5505 -> Server

I want the server to act as web server.

I can access the Internet from the server but no port 80 traffic can reach the server.

My interfaces are:
outside ethernet0/0 enabled security level 0 <static ip> vlan1
inside ethernet0/1-7 enable security level 100 192.168.1.1 vlan2

NAT:
No Type Source Destination interface address
inside:
1 dynamic inside/network any outside outside
outside:
1 static <static ip>http any inside 192.168.1.250

Security Policy:
No Enabled Source Destination Service Action
inside:
1 any any less secure ip permit
2 any any ip deny
outside:
1 Y any inside-network http permit
2 Y any any icmp permit
3 any any ip deny

I am using ASDM to configure...

The configuration:

:
ASA Version 7.2(2)
!
hostname XXXXX
domain-name default.domain.invalid
enable password fg7usdfsBsdff encrypted
names
!
interface Vlan1
nameif outside
security-level 0
ip address <ip from ISP> 255.255.255.0
ospf cost 10
!
interface Vlan2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
ospf cost 10
!
interface Ethernet0/0
!
interface Ethernet0/1
switchport access vlan 2
!
interface Ethernet0/2
switchport access vlan 2
!
interface Ethernet0/3
switchport access vlan 2
!
interface Ethernet0/4
switchport access vlan 2
!
interface Ethernet0/5
switchport access vlan 2
!
interface Ethernet0/6
switchport access vlan 2
!
interface Ethernet0/7
switchport access vlan 2
!
passwd 2sdadbNIdI.2asdU encrypted
boot config disk0:/startup-config
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid

access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host <ip from ISP>
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
static (outside,inside) tcp 192.168.1.25 www <ip from ISP> www netmask 255.255.255.255
static (inside,outside) tcp <ip from ISP> www 192.168.1.25 www netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 <GW from ISP>
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!

!
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
!
prompt hostname context
Cryptochecksum:aca065847af0527a918d592502426aea
: end
asdm image disk0:/asdm-522.bin
no asdm history enable
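
An added example, not part of the original post: a small Python audit that cross-checks the `static`, `access-list`, `access-group` and `dhcpd` lines of a pre-8.3 style configuration like the one above. The sample is a constructed excerpt with 203.0.113.10 standing in for `<ip from ISP>`; the `audit` function and its finding names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt of the posted config; 203.0.113.10 stands in for "<ip from ISP>".
SAMPLE = """\
interface Vlan1
 nameif outside
 security-level 0
interface Vlan2
 nameif inside
 security-level 100
access-list outside_access_in extended permit tcp any host 203.0.113.10
static (outside,inside) tcp 192.168.1.25 www 203.0.113.10 www netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 www 192.168.1.25 www netmask 255.255.255.255
access-group outside_access_in in interface outside
dhcpd address 192.168.1.2-192.168.1.33 inside
"""

def audit(config):
    """Return (check, detail) findings for static PAT entries in an ASA 7.x config."""
    findings = []
    # nameif -> security-level, read from each interface block
    levels = {name: int(lvl) for name, lvl in
              re.findall(r"nameif (\S+)\s+security-level (\d+)", config)}
    statics = re.findall(
        r"^static \((\S+),(\S+)\) tcp (\S+) (\S+) (\S+) (\S+)", config, re.M)
    pools = [tuple(map(ipaddress.ip_address, p)) for p in
             re.findall(r"^dhcpd address ([\d.]+)-([\d.]+)", config, re.M)]
    for real_if, mapped_if, mapped_ip, mapped_port, real_ip, _ in statics:
        if levels[real_if] < levels[mapped_if]:
            # Real host is on the less trusted side: outside NAT, not server publishing
            findings.append(("outside-nat-static", f"({real_if},{mapped_if}) {real_ip}"))
            continue
        if any(lo <= ipaddress.ip_address(real_ip) <= hi for lo, hi in pools):
            # The published server address can be leased to another host
            findings.append(("server-in-dhcp-pool", real_ip))
        # Pre-8.3 ACLs match the mapped address; look for permits with no port
        for acl in re.findall(rf"^access-group (\S+) in interface {mapped_if}$", config, re.M):
            rule = rf"^access-list {acl} extended permit tcp any host {re.escape(mapped_ip)}(.*)$"
            for tail in re.findall(rule, config, re.M):
                if "eq" not in tail.split():
                    findings.append(("acl-wider-than-static", f"{acl}: all tcp, static maps {mapped_port}"))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(check, detail)
```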