How to allow access through Cisco ASA

Can someone help me with this.

We have an ASA doing NAT for our network. We have a webserver on our network.

Lets say the IP address for the wan port on the ASA is When I am on the network, I cant seem to access the webserver by going to If however I am on my home network and on the internet, I can access the webserver The port 80 forwarding rule is in place and works fine.

So you see, for some reason, the ASA is blocking me when I am going out through it and back in.

Reply to
Loading thread data ...

Yes. That's exactly how the ASA security model works. It's easier to work around if you use DNS [eg split views in bind].

Reply to

This is what I have, I changed

access-list OutsideISP_access_in extended permit tcp any interface OutsideISP eq https access-list OutsideISP_access_in extended permit tcp any host eq www access-list OutsideISP_pnat_inbound extended permit tcp interface OutsideISP eq https interface InsideStaff eq https static (InsideStaff,OutsideISP) tcp interface https https netmask can be reached from the internet when I go to,however, when I am on the 10.55.5.x local network and try to visit it doesn't work.

Is there a way to make it work?

Reply to

visithttp:// doesn't work.


There were a couple of ways you could do this on the old PIX's, nameley DNS Doctoring (6.2) and the alias commands.

I know the ASA suports DNS Doctoring but am unsure about the alias command.

Just do a search on and you shoud find a number of helful articles.




Reply to
Darren Green

why not just modify your *host* file on your windows box your using to browse on the internet (within the LAN/WAN of that router) .. eg

webserver 10.x.x.x

that way when your in your browser, you just type in webserver and you get in to your site (its a work around, but it does work)

Reply to
cvanoosbree Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.