I can't communicate from inside to DMZ and outside on Cisco ASA 5520 v.7

  • I can't communicate from inside to DMZ and outside on Cisco ASA 5520 v.7

    Hello everyone out there again. Hope you guys are doing great.
    It's my first time posting here.

    Let me admit I'm too new at configuring Cisco devices, and I'm in front of an ASA 5520 in order to get it configured.

    Now, long story short.

    I'm busy configuring my Cisco ASA 5520 version 7, and below is the show run of the machine. But first, my network connection looks like this:

    INTERNET-----PERIMETER CISCO ROUTER------CISCO ASA 5520--------INSIDE NETWORK


    ASA2>
    ASA2> en
    Password:
    ASA2# sh run
    : Saved
    : ASA Version 7.0(
    !
    hostname xxxxxxxxxx
    domain-name parlamento.ao
    enable password xxxxxxxxxx encrypted
    passwd xxxxxxxxxxx encrypted
    names
    dns-guard
    !
    interface GigabitEthernet0/0
    description "Link-To-GW-Router"
    nameif outside
    security-level 0
    ip address 41.223.156.109 255.255.255.248
    !
    interface GigabitEthernet0/1
    description Link To Local Lan
    nameif inside
    security-level 100
    ip address 10.1.4.1 255.255.252.0
    !
    interface GigabitEthernet0/2
    description "Link-T
    nameif dmz
    security-level 50
    ip address 172.16.16.1 255.255.255.0
    !
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Management0/0
    shutdown
    no nameif
    no security-level
    no ip address
    !
    ftp mode passive
    access-list OUTSIDE-IN extended permit tcp any host 100.1.1.1 eq smtp
    access-list OUTSIDE-IN extended permit tcp any host 100.1.1.2 eq www
    access-list DMZ-IN extended deny ip any any log
    access-list DMZ_IN extended permit ip any any
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    no failover
    asdm image disk0:/asdm-508.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 100.1.1.2-100.1.1.254 netmask 255.255.255.0
    nat (inside) 1 10.1.4.0 255.255.252.0
    static (dmz,outside) 100.1.1.1 172.16.16.25 netmask 255.255.255.255
    static (dmz,outside) 100.1.1.2 172.16.16.80 netmask 255.255.255.255
    access-group OUTSIDE-IN in interface outside
    access-group DMZ-IN in interface dmz
    route outside 0.0.0.0 0.0.0.0 41.223.156.108 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    username tchipa password JUU.kVt2Und.Vd23 encrypted privilege 15
    http server enable
    http 10.1.4.0 255.255.252.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map global_policy
    class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
    inspect icmp
    inspect snmp
    !
    service-policy global_policy global
    Cryptochecksum:449d5f1c3c31ec4623e58887720e339b
    : end

    The problem is:
    At the moment, from the inside network I can't reach or ping the DMZ, I mean the .1, .25 and .80, and once the machine is running, from the inside network I can't even access the internet, as well as from outside I can't reach my and DMZ. But from the ASA I can ping both the PC 10.1.4.2 on the inside network (10.1.4.1), and the PC 172.6.16.25 on the DMZ (172.16.16.1).

    What I want:

    1. Allowing my inside PCs to access the internet
    2. Allow outside traffic or internet users to access my DMZ, specifically my email server 172.16.16.25 and www server 172.16.16.80
    3. Static NAT with my web and email servers
    4. Allowing inside users to access my DMZ, specifically my email server 172.16.16.25 and www server 172.16.16.80

    That's basically what I need, to have the machine up and running.

    Can anyone please give me straightforward inputs or commands to help me solve this problem, please.

    I thank you in advance once again... and hope my ASA sh run looks clear.

    Big denzel
    Last edited by tchipa; 9th April 2011, 18:03.
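
An added example, not part of the original post or thread: a Python check over an excerpt of the running-config posted above. It reports ACLs bound to an interface that contain no permit entry, ACLs that are defined but never bound, and global pools that lie outside the subnet of the interface they are attached to (for which the upstream router's routing is worth verifying). The function name `audit` and the choice of excerpt are assumptions of this example.

```python
import ipaddress
import re

# Excerpt of the running-config posted above (only the lines these checks read).
CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 41.223.156.109 255.255.255.248
interface GigabitEthernet0/1
 nameif inside
 ip address 10.1.4.1 255.255.252.0
interface GigabitEthernet0/2
 nameif dmz
 ip address 172.16.16.1 255.255.255.0
access-list OUTSIDE-IN extended permit tcp any host 100.1.1.1 eq smtp
access-list OUTSIDE-IN extended permit tcp any host 100.1.1.2 eq www
access-list DMZ-IN extended deny ip any any log
access-list DMZ_IN extended permit ip any any
global (outside) 1 100.1.1.2-100.1.1.254 netmask 255.255.255.0
access-group OUTSIDE-IN in interface outside
access-group DMZ-IN in interface dmz
"""

def audit(config):
    """Return a list of finding strings for the three consistency checks."""
    acl_actions, bound, nets, findings = {}, {}, {}, []
    nameif = None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"nameif (\S+)", line):
            nameif = m[1]
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            nets[nameif] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"access-list (\S+) extended (permit|deny)", line):
            acl_actions.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            bound[m[1]] = m[2]
        elif m := re.match(r"global \((\S+)\) \d+ ([\d.]+)-([\d.]+)", line):
            first, last = (ipaddress.ip_address(a) for a in (m[2], m[3]))
            if m[1] in nets and not (first in nets[m[1]] and last in nets[m[1]]):
                findings.append(f"global pool {first}-{last} is not within the {m[1]} interface subnet {nets[m[1]]}")
    for acl, ifname in bound.items():
        if "permit" not in acl_actions.get(acl, []):
            findings.append(f"ACL {acl} bound to {ifname} has no permit entry")
    for acl in acl_actions:
        if acl not in bound:
            findings.append(f"ACL {acl} is defined but not bound to any interface")
    return findings

print("\n".join(audit(CONFIG)))
```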

  • #2
    Re: I can't communicate from inside to DMZ and outside on Cisco ASA 5520 v.7

    Moved to Cisco Security forum (a bit further down, using the nice scroll wheel on your mouse) as the wall of fame is probably NOT the best place
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: I can't communicate from inside to DMZ and outside on Cisco ASA 5520 v.7

      Do you have access to the cisco router?
      CCNA, Network+
