Posted by on June 10, 2008, 11:04 pm
Hi all,
I have done following config on ASA 5505,
ASA Version 7.2(3)
!
hostname FW1
domain-name STJOHN
enable password * encrypted
names
name 10.6.1.1 GlobalIP
!
interface Vlan1
nameif inside
security-level 100
ip address 1.1.8.1 255.255.0.0
!
interface Vlan2
nameif outside
security-level 0
ip address GlobalIP 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone WST -11
dns server-group DefaultDNS
domain-name STJOHN
object-group network CLI2
network-object host 1.1.8.1
network-object host GlobalIP
access-list outside_to_inside extended permit tcp any interface outside eq 50003 log errors
pager lines 24
logging enable
logging asdm errors
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
nat-control
global (inside) 1 1.1.0.0-1.1.2.254 netmask 255.0.0.0
global (outside) 1 interface
static (inside,outside) tcp interface 50003 1.1.8.10 50003 netmask 255.255.255.255
access-group outside_to_inside in interface outside
route outside 0.0.0.0 0.0.0.0 10.6.1.6 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 1.1.8.10 255.255.255.255 inside
http 1.1.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
!
prompt hostname context
Cryptochecksum:*
: end
With this config, packets sent to the outside interface IP 10.6.1.1 are forwarded to inside host 1.1.8.10, and this inside host sends an ACK back to the sender.
But when I connect this ASA to our network, the network stops, giving many errors like:
Deny inbound UDP from 1.1.x.x/1041 to 1.1.x.x/161 on interface inside
Inbound TCP connection denied from 1.1.x.x/1419 to 1.1.x.x/1525 flags RST on interface inside
Inbound TCP connection denied from 1.1.x.x/1494 to 1.1.x.x/1175 flags RST on interface inside
Inbound TCP connection denied from 1.1.x.x/49534 to 1.1.x.x/135 flags SYN on interface inside
Inbound TCP connection denied from 1.1.x.x/139 to 1.1.x.x/4215 flags PSH ACK on interface inside
Inbound TCP connection denied from 1.1.x.x/1494 to 1.1.x.x/1029 flags PSH ACK on interface inside
Deny inbound UDP from 1.1.x.x/1032 to 1.1.x.x/53 due to DNS Query
Any suggestions?