ASA 5505 Routing/Port Forwarding Help


  • ASA 5505 Routing/Port Forwarding Help

    Hello,

    I have been trying to install a new ASA 5505 as our primary firewall. The problem is that I can't get it to route mail (regular or pop). I am posting the output from show running-config; if anyone can see what I have wrong, I would greatly appreciate any advice. Thank you!

    The config will be in the next post (too many characters for one entry).

  • #2
    Re: ASA 5505 Routing/Port Forwarding Help

    # show running-config
    : Saved
    :
    ASA Version 7.2(4)
    !
    hostname ourhostname
    domain-name ourdomain.com
    enable password g1Oa.HceOq5KKXMk encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    !
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.5.254 255.255.255.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    ip address XX.XX.XX.18 255.255.255.248
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    ftp mode passive
    dns server-group DefaultDNS
    domain-name ourdomain.com
    access-list outside_access_in extended permit tcp any interface outside eq 3389
    access-list outside_access_in extended permit tcp any interface outside eq 2222
    access-list outside_access_in extended permit tcp any interface outside eq www
    access-list outside_access_in extended permit tcp any interface outside eq smtp
    access-list outside_access_in extended permit tcp any interface outside eq pop3
    access-list outside_access_in extended permit tcp any interface outside eq 2001
    access-list outside_access_in extended permit tcp any interface outside eq pptp
    access-list outside_access_in extended permit tcp any interface outside eq 47
    access-list outside_access_in extended permit tcp any interface outside eq ssh
    access-list outside_access_in extended permit tcp any interface outside eq domain
    pager lines 24
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 10 interface
    nat (inside) 10 192.168.5.0 255.255.255.0
    static (inside,outside) tcp interface 3389 192.168.5.225 3389 netmask 255.255.255.255
    static (inside,outside) tcp interface smtp 192.168.5.10 smtp netmask 255.255.255.255
    static (inside,outside) tcp interface 587 192.168.5.10 587 netmask 255.255.255.255
    static (inside,outside) tcp interface 2001 192.168.5.226 2001 netmask 255.255.255.255
    static (inside,outside) tcp interface pptp 192.168.5.226 pptp netmask 255.255.255.255
    static (inside,outside) tcp interface 47 192.168.5.226 47 netmask 255.255.255.255
    static (inside,outside) tcp interface 2222 192.168.5.5 2222 netmask 255.255.255.255
    static (inside,outside) tcp interface www 192.168.5.1 www netmask 255.255.255.255
    static (inside,outside) tcp interface pop3 192.168.5.1 pop3 netmask 255.255.255.255
    static (inside,outside) tcp interface 2525 192.168.5.5 2525 netmask 255.255.255.255
    static (inside,outside) tcp interface domain 192.168.5.1 domain netmask 255.255.255.255
    static (inside,outside) tcp interface ssh 192.168.5.1 ssh netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 74.7.153.17 1

    ...rest in next post



    • #3
      Re: ASA 5505 Routing/Port Forwarding Help

      timeout xlate 3:00:00
      timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
      timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
      timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
      timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
      aaa authentication ssh console LOCAL
      aaa authentication http console LOCAL
      http server enable
      http 192.168.5.0 255.255.255.0 inside
      no snmp-server location
      no snmp-server contact
      snmp-server enable traps snmp authentication linkup linkdown coldstart
      telnet timeout 5
      ssh 192.168.5.0 255.255.255.0 inside
      ssh timeout 5
      console timeout 0

      username user1 password IDBQDH/nb.kBLsul encrypted privilege 15
      username user2 password WkJLLysYhiKLmBA6 encrypted privilege 15
      !
      class-map inspection_default
      match default-inspection-traffic
      !
      !
      policy-map type inspect dns preset_dns_map
      parameters
      message-length maximum 512
      policy-map global_policy
      class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
      !
      service-policy global_policy global
      prompt hostname context
      Cryptochecksum:19c82c376d7fcce1f913d85cd00469e5
      : end



      • #4
        Re: ASA 5505 Routing/Port Forwarding Help

        I'm missing your NAT configuration...
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"



        • #5
          Re: ASA 5505 Routing/Port Forwarding Help

          Here is what I have:

          global (outside) 10 interface
          nat (inside) 10 192.168.5.0 255.255.255.0

          static (inside,outside) tcp interface 3389 192.168.5.225 3389 netmask 255.255.255.255
          static (inside,outside) tcp interface smtp 192.168.5.10 smtp netmask 255.255.255.255
          static (inside,outside) tcp interface 587 192.168.5.10 587 netmask 255.255.255.255
          static (inside,outside) tcp interface 2001 192.168.5.226 2001 netmask 255.255.255.255
          static (inside,outside) tcp interface pptp 192.168.5.226 pptp netmask 255.255.255.255
          static (inside,outside) tcp interface 47 192.168.5.226 47 netmask 255.255.255.255
          static (inside,outside) tcp interface 2222 192.168.5.5 2222 netmask 255.255.255.255
          static (inside,outside) tcp interface www 192.168.5.1 www netmask 255.255.255.255
          static (inside,outside) tcp interface pop3 192.168.5.1 pop3 netmask 255.255.255.255
          static (inside,outside) tcp interface 2525 192.168.5.5 2525 netmask 255.255.255.255
          static (inside,outside) tcp interface domain 192.168.5.1 domain netmask 255.255.255.255
          static (inside,outside) tcp interface ssh 192.168.5.1 ssh netmask 255.255.255.255
          access-group outside_access_in in interface outside
          route outside 0.0.0.0 0.0.0.0 xx.xx.xx.17 1

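A cross-check of the `static` port forwards against `outside_access_in` in the config posted above, as an added example that is not part of the original thread: on ASA 7.2 the outside ACL is matched against the translated (interface) address and port, so a forward with no matching `permit` is dropped. The `audit` function and its regular expressions are assumptions written for this example and cover only the `interface ... eq <port>` form used in this config.

```python
import re

# ACL and static PAT lines copied from the running-config posted in the thread.
CONFIG = """
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp any interface outside eq 2222
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in extended permit tcp any interface outside eq pop3
access-list outside_access_in extended permit tcp any interface outside eq 2001
access-list outside_access_in extended permit tcp any interface outside eq pptp
access-list outside_access_in extended permit tcp any interface outside eq 47
access-list outside_access_in extended permit tcp any interface outside eq ssh
access-list outside_access_in extended permit tcp any interface outside eq domain
static (inside,outside) tcp interface 3389 192.168.5.225 3389 netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.5.10 smtp netmask 255.255.255.255
static (inside,outside) tcp interface 587 192.168.5.10 587 netmask 255.255.255.255
static (inside,outside) tcp interface 2001 192.168.5.226 2001 netmask 255.255.255.255
static (inside,outside) tcp interface pptp 192.168.5.226 pptp netmask 255.255.255.255
static (inside,outside) tcp interface 47 192.168.5.226 47 netmask 255.255.255.255
static (inside,outside) tcp interface 2222 192.168.5.5 2222 netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.5.1 www netmask 255.255.255.255
static (inside,outside) tcp interface pop3 192.168.5.1 pop3 netmask 255.255.255.255
static (inside,outside) tcp interface 2525 192.168.5.5 2525 netmask 255.255.255.255
static (inside,outside) tcp interface domain 192.168.5.1 domain netmask 255.255.255.255
static (inside,outside) tcp interface ssh 192.168.5.1 ssh netmask 255.255.255.255
"""
# Ports are compared as printed (keyword or number), the way show running-config emits them.
ACL_RE = re.compile(r"^access-list (\S+) extended permit (tcp|udp) any interface outside eq (\S+)$")
PAT_RE = re.compile(r"^static \(inside,outside\) (tcp|udp) interface (\S+) (\S+) (\S+) netmask \S+$")

def audit(config, acl_name="outside_access_in"):
    """Return (forwards with no ACL permit, ACL permits with no forward)."""
    permitted, forwards = set(), {}
    for line in map(str.strip, config.splitlines()):
        if (m := ACL_RE.match(line)) and m.group(1) == acl_name:
            permitted.add((m.group(2), m.group(3)))
        elif m := PAT_RE.match(line):
            forwards[(m.group(1), m.group(2))] = (m.group(3), m.group(4))
    blocked = {k: v for k, v in forwards.items() if k not in permitted}
    return blocked, permitted - set(forwards)

if __name__ == "__main__":
    blocked, unused = audit(CONFIG)
    for (proto, port), (host, real) in sorted(blocked.items()):
        print(f"static {proto}/{port} -> {host}:{real} has no permit in the ACL")
    for proto, port in sorted(unused):
        print(f"ACL permits {proto}/{port} but nothing is forwarded")
```

On the posted config it reports the forwards for ports 587 and 2525, which have `static` entries but no `permit` line in `outside_access_in`.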


          • #6
            Re: ASA 5505 Routing/Port Forwarding Help

            Sorry, I overlooked it.
            Anyhow, please review http://www.cisco.com/en/US/products/...8046f31a.shtml
            Marcel
