ASA 5505 Server Config HELP!!!
15 years 4 months ago #30893
by mypw
Hey Everyone,
Sorry if I mess this one up, have never posted to a forum before.
Trying to configure an ASA 5505 with the following conditions
Router has a realworld IP
5 additional IP's point to the above address.
1 server with web and email running needing to be on one of the additional ip's
I have been able to get the standard routing up and running so I have internet access from any of the computers behind the 5505
Server has an ip of 192.168.2.100
Need to know how to point one of the additional real world ip's to that address.
This is my first Cisco router so I really don't know how to get around in the CLI, have been trying to configure it through the GUI right now. If I have to configure through the CLI, I would need a bit of help in that department also!
Thanks
Result of the command: "sh run"
: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password ************ encrypted
passwd ********** encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 216.224.*.* 255.255.255.252
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list outside_access_in extended permit ip host 216.224.*.* host 192.168.2.100
access-list outside_access_in extended permit tcp host 216.224.*.* host 192.168.2.100
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 216.224.*.* 192.168.2.100 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 216.224.253.157 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.2.2-192.168.2.99 inside
dhcpd dns 216.224.224.10 216.224.229.42 interface inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:****************
: end
15 years 3 months ago #31366
by faisal4u2
Replied by faisal4u2 on topic Re: ASA 5505 Server Config HELP!!!
In order for server to be accessible from internet, you need Static Nat and an acl to permit it on outside interface.
First Remove the below ACL
access-list outside_access_in extended permit ip host 216.224.*.* host 192.168.2.100
access-list outside_access_in extended permit tcp host 216.224.*.* host 192.168.2.100
Create the below
access-list outside_access_in extended permit tcp any host 216.224.*.* eq 80
access-group outside_access_in in interface outside
Let me know if it helps
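Added example, not part of either post: a small Python check for the mismatch this thread is about. On ASA 7.2 an ACL applied inbound on the outside interface has to match the mapped (public) address of a static, not the real inside address. The sample config is constructed, 203.0.113.10 stands in for the masked public IP, and the function names are hypothetical.

```python
# Constructed sample in ASA 7.2 syntax. 203.0.113.10 is a documentation
# address standing in for the masked public IP in the thread.
SAMPLE = """\
static (inside,outside) 203.0.113.10 192.168.2.100 netmask 255.255.255.255
access-list outside_access_in extended permit tcp host 203.0.113.10 host 192.168.2.100
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq 80
access-group outside_access_in in interface outside
"""

def take_addr(tok):
    """Consume one ACL address spec (any | host A | A MASK) from tok."""
    if not tok:
        return None
    head = tok.pop(0)
    if head == "any":
        return head
    if head == "host":
        return tok.pop(0) if tok else None
    if tok:
        tok.pop(0)  # drop the netmask
    return head

def audit(config, outside="outside"):
    """Hypothetical helper: list ACL/static-NAT mismatches as (kind, detail)."""
    statics, acls, bound = {}, {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["static"] and len(tok) >= 4:
            statics[tok[3]] = tok[2]  # real IP -> mapped IP
        elif tok[:1] == ["access-list"] and tok[2:4] == ["extended", "permit"]:
            rest = tok[5:]
            src, dst = take_addr(rest), take_addr(rest)
            port = rest[1] if rest[:1] == ["eq"] and len(rest) > 1 else None
            acls.setdefault(tok[1], []).append((line, src, dst, port))
        elif tok[:1] == ["access-group"] and tok[2:] == ["in", "interface", outside]:
            bound = tok[1]
    findings, permitted = [], set()
    for line, src, dst, port in acls.get(bound, []):
        if dst in statics:  # rule names the inside address, never matches
            findings.append(("real-address-destination", line))
        elif dst in statics.values():
            permitted.add(dst)
            if src == "any" and port is None:  # every port exposed
                findings.append(("no-port-restriction", line))
    for mapped in statics.values():
        if mapped not in permitted:
            findings.append(("static-without-permit", mapped))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(kind, "->", detail)
```

A static whose mapped address has no permit entry is reported as static-without-permit, which is the state of the config in the first post.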