Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASA5505 trouble opening port 443 for remote users Groupwise WebAccess

Status
Not open for further replies.

estest

IS-IT--Management
Jun 7, 2007
2
US
We have a GroupWise server running WebAccess sitting behind ASA5505. I have opened port 25 and can send and recieve emails but can't get access to WebAccess. I can internally at and everything is running fine. But when I try it externally via I have no luck.

Below is the relevant setup information.

interface Vlan1
mac-address 0012.3f7f.9876
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
description NuVox T1
nameif outside
security-level 0
ip address 66.64.x.x 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2

access-list out2in extended permit tcp any any eq smtp
access-list out2in extended permit tcp any any eq https
access-list out2in extended permit tcp any any eq 9850
access-list out2in extended permit tcp any any eq 1677
access-list out2in extended permit tcp any any eq 7205
access-list out2in extended permit udp any any eq 443
access-list out2in extended permit udp any any eq 9850
access-list out2in extended permit udp any any eq 1677
access-list out2in extended permit udp any any eq 7205

static (inside,outside) tcp interface smtp 192.168.1.50 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.50 https netmask 255.255.255.255
static (inside,outside) tcp interface 9850 192.168.1.50 9850 netmask 255.255.255.255
static (inside,outside) tcp interface 1677 192.168.1.50 1677 netmask 255.255.255.255
static (inside,outside) tcp interface 7205 192.168.1.50 7205 netmask 255.255.255.255
static (inside,outside) udp interface 443 192.168.1.50 443 netmask 255.255.255.255
static (inside,outside) udp interface 9850 192.168.1.50 9850 netmask 255.255.255.255
static (inside,outside) udp interface 1677 192.168.1.50 1677 netmask 255.255.255.255
static (inside,outside) udp interface 7205 192.168.1.50 7205 netmask 255.255.255.255

access-group out2in in interface outside
route outside 0.0.0.0 0.0.0.0 66.64.x.x 1
 
Hi
Try posting in the Firewall forum!No CCSP guys in this forum :-(
Good luck
 
Try (instead of https and include the port number---you have the https static NAT entry already, so https I don't think will point to the same interface on two different ports. I don't know how else to explain this, but one static NAT statement already defines https, and separately defines port 443...are you able to access anything else that are defined by different ports, like for example tcp port 7205?

Burt
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top