
Cisco ASA 5510


  • Cisco ASA 5510

    Hi guys,

    We have bought a new Cisco ASA 5510 and I don't know anything about configuring this device. I have configured a PIX 501 but not an ASA 5510.

    Is there anyone who can give me a sample configuration for this device?

    I must configure it in the shortest time and install it at our customer.

    Thanks a lot
    Nothing...

  • #2
    Re: Cisco ASA 5510

    Hello & Thanks for the question.

    There are a lot of sample configs on the Cisco ASA/PIX Configuration examples website:
    http://www.cisco.com/en/US/products/...ples_list.html

    Is there something specific you are having trouble with?

    Have you tried the GUI interface?

    Thanks
    David
    David Davis - Petri Forums Moderator & Video Training Author
    Train Signal - The Global Leader in IT Video Training
    TrainSignalTraining.com - Free IT Training Products
    Personal Websites: HappyRouter.com & VMwareVideos.com



    • #3
      Re: Cisco ASA 5510

      Hi, this is my configuration. My company has an application which is web-based. It uses port number 4080. For example, when I type http://abc.def:4080 into the browser I can reach the application when I don't use the Cisco ASA. But when I install the Cisco ASA in my network I can't reach the application.
      I did the routing on the ASA but it still doesn't work, and I cannot connect by Remote Desktop to my server.
      Please help me with this problem.

      Thanks a lot

      asdm image disk0:/asdm506.bin
      asdm location 10.0.0.200 255.255.255.255 inside
      no asdm history enable
      : Saved
      :
      ASA Version 7.0(6)
      !
      hostname ciscoasa
      domain-name mncicek
      enable password 8Ry2YjIyt7RRXU24 encrypted
      names
      dns-guard
      !
      interface Ethernet0/0
      nameif outside
      security-level 0
      ip address 192.168.1.2 255.255.255.0
      !
      interface Ethernet0/1
      nameif inside
      security-level 1
      ip address 10.0.0.2 255.255.255.0
      !
      interface Ethernet0/2
      shutdown
      no nameif
      no security-level
      no ip address
      !
      interface Management0/0
      nameif management
      security-level 100
      ip address 172.16.0.1 255.255.0.0
      management-only
      !
      passwd 2KFQnbNIdI.2KYOU encrypted
      ftp mode passive
      access-list outside_access_in extended permit tcp any eq 3389 host 10.0.0.200 eq 3389
      access-list outside_access_in extended permit tcp any eq 4080 host 10.0.0.200 eq 4080
      access-list outside_access_in extended permit tcp any eq www host 10.0.0.200 eq www
      access-list outside_access_in extended permit tcp any eq ftp host 10.0.0.200 eq ftp
      access-list outside_access_in extended permit tcp any eq pptp host 10.0.0.200 eq pptp
      pager lines 24
      logging asdm informational
      mtu management 1500
      mtu inside 1500
      mtu outside 1500
      asdm image disk0:/asdm506.bin
      no asdm history enable
      arp timeout 14400
      global (outside) 10 interface
      nat (inside) 10 0.0.0.0 0.0.0.0
      access-group outside_access_in in interface outside
      route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
      timeout xlate 3:00:00
      timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
      timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
      timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
      timeout uauth 0:05:00 absolute
      http server enable
      http 172.16.0.0 255.255.0.0 management
      no snmp-server location
      no snmp-server contact
      snmp-server enable traps snmp authentication linkup linkdown coldstart
      telnet timeout 5
      ssh timeout 5
      console timeout 0
      dhcpd address 172.16.0.2-172.16.1.1 management
      dhcpd address 10.0.0.3-10.0.0.254 inside
      dhcpd dns 10.0.0.2 192.168.1.1
      dhcpd lease 7200
      dhcpd ping_timeout 50
      dhcpd enable management
      dhcpd enable inside
      !
      class-map inspection_default
      match default-inspection-traffic
      !
      !
      policy-map global_policy
      class inspection_default
      inspect dns maximum-length 512
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      !
      service-policy global_policy global
      Cryptochecksum:2f46af6a8e54fdcd4c21b81a2e0ba4ac
      : end
      Last edited by mncicek; 20th March 2007, 09:17.
      Nothing...



      • #4
        Re: Cisco ASA 5510

        Just a wild guess from what I know about Cisco ACLs.

        Try changing the ACL from:
        Code:
        access-list outside_access_in extended permit tcp any eq 4080 host 10.0.0.200 eq 4080
        to
        Code:
        access-list outside_access_in extended permit tcp any host 10.0.0.200 eq 4080
        Why? You added a source port number with the original ACL.
        Most often, this is random.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"
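
Added example (not part of the thread and not the posters' code): a small Python check that parses the ACL syntax used in the configuration in post #3, flags permit entries that pin the client's source port, and shows that the original port-4080 entry does not match a connection from an ephemeral source port while the entry suggested in post #4 does. The function names and the sample source port are assumptions made for illustration; only the `eq` operator and `any`/`host` destinations are handled.

```python
import re

# Named ports used in the config on this page (ASA accepts these literals).
NAMED_PORTS = {"www": 80, "ftp": 21, "pptp": 1723}

def _port(tok):
    return NAMED_PORTS[tok] if tok in NAMED_PORTS else int(tok)

def _take_addr(toks):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK'; return the address spec."""
    if toks[0] == "any":
        return toks.pop(0)
    first, second = toks.pop(0), toks.pop(0)
    return second if first == "host" else f"{first}/{second}"

def _take_port(toks):
    """Consume an optional 'eq PORT' qualifier; return the port number or None."""
    if toks and toks[0] == "eq":
        toks.pop(0)
        return _port(toks.pop(0))
    return None

def parse_ace(line):
    """Parse 'access-list NAME extended permit|deny tcp|udp SRC [eq P] DST [eq P]'."""
    m = re.match(r"\s*access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(tcp|udp)\s+(.*)", line)
    if not m:
        return None
    toks = m.group(4).split()
    ace = {"acl": m.group(1), "action": m.group(2), "proto": m.group(3)}
    ace["src"], ace["sport"] = _take_addr(toks), _take_port(toks)
    ace["dst"], ace["dport"] = _take_addr(toks), _take_port(toks)
    return ace

def matches(ace, sport, dst, dport):
    """True if a packet hits the ACE; source address is not checked, and only
    'any' or 'host' destinations are compared."""
    return (ace["sport"] in (None, sport)
            and ace["dst"] in ("any", dst)
            and ace["dport"] in (None, dport))

def source_port_pinned(config):
    """Return the permit ACEs that also constrain the client's source port."""
    aces = filter(None, map(parse_ace, config.splitlines()))
    return [a for a in aces if a["action"] == "permit" and a["sport"] is not None]

# The two ACL lines from the thread: original (post #3) and suggested fix (post #4).
ORIGINAL = "access-list outside_access_in extended permit tcp any eq 4080 host 10.0.0.200 eq 4080"
FIXED = "access-list outside_access_in extended permit tcp any host 10.0.0.200 eq 4080"
EPHEMERAL = 51514  # constructed client source port, chosen for illustration
```

Running `source_port_pinned()` over the full configuration from post #3 returns all five `outside_access_in` entries, since each one carries the same source-port `eq` qualifier.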
