Cisco asa 5520

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco asa 5520

    Guys I'm stuck and need as much help as possible please. I'm from Guyana, South America. I have my ISP connected to one Cisco 2800 series Router connected to a Cisco ASA 5520 firewall then to a Dell PowerConnect switch then to a number of small networks on Cisco 881 Routers. Also from the ASA 5520 I have my servers connected as DMZ. Now what I want to accomplish is for my DMZ to reach the internet and my small networks to reach the DMZ and also the internet. Also VPN from remote networks to access the DMZ. Below is my current running-config on the ASA.

    Result of the command: "show run"
    : Saved
    :
    ASA Version 7.2(4)
    !
    hostname POLICEWALL
    domain-name GPF.LOCAL
    enable password HK/vZasaheGFeLV4 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    !
    interface GigabitEthernet0/0
    nameif OUTSIDE
    security-level 0
    ip address 100.100.100.1 255.255.255.252
    !
    interface GigabitEthernet0/1
    nameif INSIDE
    security-level 100
    ip address 10.10.10.1 255.255.255.0
    !
    interface GigabitEthernet0/2
    nameif DMZ
    security-level 50
    ip address 192.168.1.1 255.255.255.0
    !
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Management0/0
    nameif management
    security-level 100
    ip address 172.168.1.1 255.255.255.0
    management-only
    !
    ftp mode passive
    dns server-group DefaultDNS
    domain-name GPF.LOCAL
    same-security-traffic permit intra-interface
    object-group protocol ip-allow
    protocol-object ip
    protocol-object icmp
    protocol-object udp
    protocol-object tcp
    access-list OUTSIDE_access_in extended permit object-group ip-allow any 192.168.1.0 255.255.255.0
    access-list OUTSIDE_access_in extended permit tcp any 192.168.1.0 255.255.255.0
    access-list INSIDE_access_out extended permit ip any any
    access-list DMZ_access_out extended permit ip any any
    access-list OUTSIDE_1_cryptomap extended permit ip 100.100.100.0 255.255.255.252 192.168.1.0 255.255.255.0
    access-list INSIDE_nat0_outbound extended permit ip 100.100.100.0 255.255.255.252 192.168.1.0 255.255.255.0
    access-list allow_outside_connections extended permit icmp any any echo-reply
    access-list allow_outside_connections extended permit icmp any any source-quench
    access-list allow_outside_connections extended permit icmp any any unreachable
    access-list allow_outside_connections extended permit icmp any any time-exceeded
    pager lines 24
    logging enable
    logging asdm informational
    mtu OUTSIDE 1500
    mtu INSIDE 1500
    mtu DMZ 1500
    mtu management 1500
    no failover
    monitor-interface OUTSIDE
    monitor-interface INSIDE
    monitor-interface DMZ
    monitor-interface management
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (OUTSIDE) 101 100.100.100.3-100.100.100.4 netmask 255.255.255.252
    global (OUTSIDE) 200 interface
    global (INSIDE) 1 10.10.10.2 netmask 255.0.0.0
    global (DMZ) 1 192.168.1.2 netmask 255.255.255.0
    nat (INSIDE) 0 access-list INSIDE_nat0_outbound
    nat (INSIDE) 1 10.10.10.0 255.255.255.0
    nat (INSIDE) 101 0.0.0.0 0.0.0.0
    nat (DMZ) 1 192.168.1.0 255.255.255.0 outside
    access-group OUTSIDE_access_in in interface OUTSIDE
    access-group INSIDE_access_out out interface INSIDE
    access-group DMZ_access_out out interface DMZ
    route OUTSIDE 100.100.100.3 255.255.255.255 100.100.100.1 1
    route INSIDE 10.10.10.2 255.255.255.255 192.168.1.0 1
    route DMZ 192.168.1.32 255.255.255.255 100.100.100.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 172.168.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map OUTSIDE_map 1 match address OUTSIDE_1_cryptomap
    crypto map OUTSIDE_map 1 set pfs group1
    crypto map OUTSIDE_map 1 set peer 190.80.45.23
    crypto map OUTSIDE_map 1 set transform-set ESP-3DES-SHA
    crypto map OUTSIDE_map interface OUTSIDE
    crypto isakmp enable OUTSIDE
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 172.168.1.2-172.168.1.254 management
    dhcpd enable management
    !
    tunnel-group 190.80.45.23 type ipsec-l2l
    tunnel-group 190.80.45.23 ipsec-attributes
    pre-shared-key *
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    !
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:823a0517e4d0da2dbbf05c1576bf130b
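    As an added example (not code from the thread or any of its posters), here is a small Python audit script that parses the interface, access-list, access-group, nat 0 and route lines out of an ASA 7.x-style running-config like the one above and flags the things a reviewer would check first for the symptoms described (no traffic between interfaces, no internet reach): a missing default route, static routes whose next hop is one of the ASA's own addresses or is not on the egress interface's subnet, a nat 0 exemption ACL whose source is not a network behind that interface, and an inbound permit on the security-level-0 interface that opens a whole subnet. The embedded CONFIG is an excerpt of the posted config; the ISP router address in the NO_DEFAULT_ROUTE message is a placeholder, and using the interface's connected subnet as the yardstick for nat 0 sources is the script's own assumption.

```python
import ipaddress

# Excerpt of the running-config posted in the thread (interfaces, inbound OUTSIDE
# ACL, NAT exemption, static routes); any ASA 7.x-style text in this shape works.
CONFIG = """\
interface GigabitEthernet0/0
 nameif OUTSIDE
 security-level 0
 ip address 100.100.100.1 255.255.255.252
interface GigabitEthernet0/1
 nameif INSIDE
 security-level 100
 ip address 10.10.10.1 255.255.255.0
interface GigabitEthernet0/2
 nameif DMZ
 security-level 50
 ip address 192.168.1.1 255.255.255.0
access-list OUTSIDE_access_in extended permit object-group ip-allow any 192.168.1.0 255.255.255.0
access-list OUTSIDE_access_in extended permit tcp any 192.168.1.0 255.255.255.0
access-list INSIDE_nat0_outbound extended permit ip 100.100.100.0 255.255.255.252 192.168.1.0 255.255.255.0
nat (INSIDE) 0 access-list INSIDE_nat0_outbound
access-group OUTSIDE_access_in in interface OUTSIDE
route OUTSIDE 100.100.100.3 255.255.255.255 100.100.100.1 1
route INSIDE 10.10.10.2 255.255.255.255 192.168.1.0 1
route DMZ 192.168.1.32 255.255.255.255 100.100.100.1 1
"""

ANY = ipaddress.ip_network("0.0.0.0/0")


def _addr(t, i):
    """Consume one ACL address spec (any | host X | net mask) at t[i]."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{t[i]}/{t[i + 1]}", strict=False), i + 2


def parse(text):
    """One pass over the config text: interfaces, ACLs, access-groups, nat 0, routes."""
    cfg = {"ifaces": {}, "acls": {}, "groups": {}, "nat0": {}, "routes": []}
    name = level = None
    for t in (line.split() for line in text.splitlines()):
        if not t:
            continue
        if t[0] == "interface":
            name = level = None
        elif t[0] == "nameif":
            name = t[1]
        elif t[0] == "security-level":
            level = int(t[1])
        elif t[:2] == ["ip", "address"] and name:
            cfg["ifaces"][name] = (ipaddress.ip_interface(f"{t[2]}/{t[3]}"), level)
        elif t[0] == "access-list" and t[2] == "extended":
            i = 6 if t[4] == "object-group" else 5  # skip 'object-group <name>'
            src, j = _addr(t, i)
            dst, _ = _addr(t, j)
            cfg["acls"].setdefault(t[1], []).append((t[3], t[i - 1], src, dst))
        elif t[0] == "access-group" and t[3] == "interface":
            cfg["groups"][(t[4], t[2])] = t[1]  # (interface, in|out) -> ACL name
        elif t[0] == "nat" and t[2] == "0" and t[3] == "access-list":
            cfg["nat0"][t[1].strip("()")] = t[4]
        elif t[0] == "route":
            net = ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False)
            cfg["routes"].append((t[1], net, ipaddress.ip_address(t[4])))
    return cfg


def audit(text):
    """Return (code, message) findings for the reachability problems in the thread."""
    cfg = parse(text)
    ifaces, findings = cfg["ifaces"], []
    own = {ip.ip for ip, _ in ifaces.values()}
    # 1. Without a default route nothing behind the ASA can reach the internet.
    if not any(dest == ANY for _, dest, _ in cfg["routes"]):
        findings.append(("NO_DEFAULT_ROUTE", "add 'route OUTSIDE 0.0.0.0 0.0.0.0 <ISP-router-ip>'"))
    # 2. A static route's next hop must sit on the egress interface's own subnet
    #    and must not be one of the ASA's own addresses.
    for iface, dest, gw in cfg["routes"]:
        if iface in ifaces and gw in own:
            findings.append(("ROUTE_SELF_NEXTHOP", f"route {iface} {dest} via {gw} points at the ASA itself"))
        elif iface in ifaces and gw not in ifaces[iface][0].network:
            findings.append(("ROUTE_BAD_NEXTHOP", f"route {iface} {dest}: {gw} not on {ifaces[iface][0].network}"))
    # 3. nat 0 (exemption) ACL sources should be the networks behind that interface;
    #    the connected subnet is used as the yardstick here (an assumption).
    for iface, acl in cfg["nat0"].items():
        if iface in ifaces:
            net = ifaces[iface][0].network
            for _, _, src, _ in cfg["acls"].get(acl, []):
                if not src.subnet_of(net):
                    findings.append(("NAT0_SRC_MISMATCH", f"{acl}: source {src} is not behind {iface} ({net})"))
    # 4. Inbound ACL on a security-level-0 interface that opens a whole subnet.
    for (iface, direction), acl in cfg["groups"].items():
        if direction == "in" and iface in ifaces and ifaces[iface][1] == 0:
            for action, proto, src, dst in cfg["acls"].get(acl, []):
                if action == "permit" and src == ANY and dst.prefixlen < 32:
                    findings.append(("BROAD_INBOUND_PERMIT", f"{acl}: permit {proto} any -> {dst} on {iface}"))
    return findings
```

    Calling audit(CONFIG) on the excerpt returns seven findings: the absent default route, the three host routes (two pointing at the ASA's own OUTSIDE address, one with a next hop outside the INSIDE subnet), the nat 0 ACL whose source is the OUTSIDE /30 rather than 10.10.10.0/24, and the two OUTSIDE_access_in lines that expose the entire DMZ subnet. The checks deliberately stay within what the config text shows; whether the missing default route should point at the 2800 router, and at which address, is something only the poster's lab diagram can answer.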

  • #2
    Asa 5520

    Can anyone really help me here.................. ASA 5520



    • #3
      Re: Asa 5520

      Originally posted by MarkStClaire
      ASA 5520
      What about it?

      Originally posted by MarkStClaire
      Can anyone really help me here..................
      If you tell us what you need help with, maybe...

      What are you asking? We have absolutely no way of knowing what you're trying to do, what problems you're having...

      May I please suggest you take some time to read through the forum rules http://forums.petri.com/announcement.php?f=46
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



      • #4
        Re: Asa 5520

        Wonderful, I have some attention. My problem is with my ASA 5520 Firewall. I have configured it with DMZ, OUTSIDE and INSIDE interfaces; however, traffic cannot pass between the interfaces. I've checked all my NAT and ACLs to verify what I have done. So I need someone's input to see if I'm missing something or made a major mistake in my config. Thank you. Attached are my lab diagram and config file.



        • #5
          Re: Asa 5520

          Was your first post in this thread intended as a follow up to your thread from the 23rd?
          Gareth Howells


          • #6
            Re: Asa 5520

            Yes sir......... how can I get rid of that one? Because I've made some progress here and it seems better to respond here also. Sorry if I've duplicated the post.



            • #7
              Re: Asa 5520

              I've flagged the thread for a moderator to review; the threads will most likely be merged.
              Gareth Howells


              • #8
                Re: Asa 5520

                Thanks buddy....... now all I need is for someone out there to take a look at my config and see where I went wrong.



                • #9
                  Re: Cisco asa 5520

                  Threads merged...
                  David Davis - Petri Forums Moderator & Video Training Author
                  Train Signal - The Global Leader in IT Video Training
                  TrainSignalTraining.com - Free IT Training Products
                  Personal Websites: HappyRouter.com & VMwareVideos.com



                  • #10
                    Re: Cisco asa 5520

                    thanks!!!!!!!!!
