dynamik wrote: »
Hm, that's what I had originally and it wasn't working. Even with my public IP in there, Shields Up is still showing all the ports as closed.
When I'm testing with Packet Tracer, should I simply use my public IP with the ports I'm testing or would I use my private IP? Everything comes up ok when I use the public IP when I've set that as the destination in my security policy.
static (Inside,Outside) tcp 22.214.171.124 smtp 10.5.5.5 smtp netmask 255.255.255.255
static (Inside,Outside) tcp 126.96.36.199 www 10.5.5.5 www netmask 255.255.255.255
static (Inside,Outside) tcp 188.8.131.52 https 10.5.5.5 https netmask 255.255.255.255
access-list Outside_access_in extended permit tcp any host 184.108.40.206 eq smtp
access-list Outside_access_in extended permit tcp any host 220.127.116.11 eq www
access-list Outside_access_in extended permit tcp any host 18.104.22.168 eq https
A.P.A wrote: »
1) Change the outside ACL entry to have your Outside interface IP address as the DST address.
access-list OUTSIDE-ACL permit tcp any host interface eq 443
2) You need an ACL entry for your inside interface as well (the interface the internal hosts hang off...), as the traffic is coming from a lower level interface to a higher level interface.
access-list INSIDE-ACL permit tcp x.x.x.x host 192.168.0.101 eq 443
3) With Pkt Tracer you have specified the Outside interface as where you want the test run... so you should be using a SRC IP of something outside your network... and then defining the ip address of your outside interface (The outside DST for your NAT).
As outside hosts will be connecting to your Outside Global NAT address not your inside hosts address.
Make these changes and let us know how you go.
dynamik wrote: »
It's production, but it's ours, so I can play a little bit. After a while though, people got sick of not getting email, so I had to move back to the old setup. All I did was move cables around and everything worked. I'm sort of stumped because this seems like it's so much more difficult than it should be. The IP information, services, etc. are all good.