Sign in with
Sign up | Sign in
Your question

Im not able to reach my DMZ for the www and smtp and Outside for inter

April 11, 2011 11:39:53 AM

Hello, everyone out there. hope u guys r doing great.

Well im having some tough time here while trying to configure my Cisco Asa 5520 v.7.

i must admite its the first time i configure a cisco device just after finishing the course.. so as you might now how it feels like the first time

So Now long story made short.

Im busy configuring my cisco Asa 5520 version 7 and bellow is the show run of the machine:

sh run : Saved : ASA Version 7.0(8) ! hostname xxxxxxxxxx domain-name enable password xxxxxxxxxx encrypted passwd xxxxxxxxxxx encrypted names dns-guard

interface GigabitEthernet0/0 description "Link-To-GW-Router" nameif outside security-level 0 ip address

interface GigabitEthernet0/1 description Link To Local Lan nameif inside security-level 100 ip address
interface GigabitEthernet0/2 description "Link-T nameif dmz security-level 50 ip address
interface GigabitEthernet0/3 shutdown no nameif no security-level no ip address
interface Management0/0 shutdown no nameif no security-level no ip address

ftp mode passive
#access-list OUTSIDE-IN extended permit tcp any host eq smtp
#access-list OUTSIDE-IN extended permit tcp any host eq www
#access-list DMZ-IN extended deny ip any any log access-list DMZ_IN extended permit ip any any
pager lines 24 mtu outside 1500
mtu inside 1500
mtu dmz 1500
no failover asdm image disk0:/asdm-508.bin no asdm history enable arp timeout 14400
global (outside) 1 netmask
nat (inside) 1 static (dmz,outside) netmask
static (dmz,outside) netmask
access-group OUTSIDE-IN in interface outside
access-group DMZ-IN in interface dmz
route outside 1
timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute username tchipa password JUU.kVt2Und.Vd23 encrypted privilege 15 http server enable http inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 telnet timeout 5 ssh timeout 5 console timeout 0 ! class-map inspection_default match default-inspection-traffic !
! policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras

inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect snmp
service-policy global_policy global
: end

ASA2(config)# sh xlate

3 in use, 3 most used
Global Local
Global Local
Global Local

ASA2(config)# sh route

S [1/0] via, outside
C is directly connected, inside
C is directly connected, outside
C is directly connected, dmz

My Network connection looks something as this:



So can anyone please try to help me solving this problem... even just to have atleast internet connection only and i will see what will happen to the dmz later on.. atleast the internet.

I thank everyone in advance

Big Denzel