
I'm not able to reach my DMZ for the www and smtp and Outside for inter

April 11, 2011 11:39:53 AM

Hello, everyone out there. Hope you guys are doing great.

Well, I'm having a tough time here while trying to configure my Cisco ASA 5520 v.7.

I must admit it's the first time I configure a Cisco device, just after finishing the course, so you might know how it feels the first time.

So now, long story made short.

I'm busy configuring my Cisco ASA 5520 version 7, and below is the show run of the machine:

sh run
: Saved
:
ASA Version 7.0(8)
!
hostname xxxxxxxxxx
domain-name parlamento.ao
enable password xxxxxxxxxx encrypted
passwd xxxxxxxxxxx encrypted
names
dns-guard
!
interface GigabitEthernet0/0
 description "Link-To-GW-Router"
 nameif outside
 security-level 0
 ip address 41.223.156.109 255.255.255.248
!
interface GigabitEthernet0/1
 description Link To Local Lan
 nameif inside
 security-level 100
 ip address 10.1.4.1 255.255.252.0
!
interface GigabitEthernet0/2
 description "Link-T
 nameif dmz
 security-level 50
 ip address 172.16.16.1 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
#access-list OUTSIDE-IN extended permit tcp any host 100.1.1.1 eq smtp
#access-list OUTSIDE-IN extended permit tcp any host 100.1.1.2 eq www
#access-list DMZ-IN extended deny ip any any log
access-list DMZ_IN extended permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu dmz 1500
no failover
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 100.1.1.2-100.1.1.254 netmask 255.255.255.0
nat (inside) 1 10.1.4.0 255.255.252.0
static (dmz,outside) 100.1.1.1 172.16.16.25 netmask 255.255.255.255
static (dmz,outside) 100.1.1.2 172.16.16.80 netmask 255.255.255.255
access-group OUTSIDE-IN in interface outside
access-group DMZ-IN in interface dmz
route outside 0.0.0.0 0.0.0.0 41.223.156.108 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username tchipa password JUU.kVt2Und.Vd23 encrypted privilege 15
http server enable
http 10.1.4.0 255.255.252.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect snmp
!
service-policy global_policy global
Cryptochecksum:a8bd784f831f982651233b62165e2c9d
: end




ASA2(config)# sh xlate

3 in use, 3 most used
Global 100.1.1.1 Local 172.16.16.25
Global 100.1.1.2 Local 172.16.16.80
Global 100.1.1.2 Local 10.1.4.2


ASA2(config)# sh route

S 0.0.0.0 0.0.0.0 [1/0] via 41.223.156.108, outside
C 10.1.4.0 255.255.252.0 is directly connected, inside
C 41.223.156.104 255.255.255.248 is directly connected, outside
C 172.16.16.0 255.255.255.0 is directly connected, dmz

My network connection looks something like this:


INTERNET--------PERIMETER ROUTER------CISCO ASA 5520-------- INTERNAL NETWORK

ISP 41.223.156.109---- MY NEXT HOP IS .108
INSIDE 10.1.4.1- 255.255.252.0
DMZ 172.16.16.1- 255.255.255.0 PCS ON THE DMZ .25 AND .80

So can anyone please try to help me solve this problem... even just to have at least an internet connection only, and I will see what will happen to the DMZ later on... at least the internet.


I thank everyone in advance.


Big Denzel