|
Posted by tman on June 18, 2008, 12:26 pm
If you were Registered and logged in, you could reply and use other advanced thread options >
>
>
>
>
>
> > I am trying to learn how to configure an ASA5505. I have written one
> > access-list and one static NAT statement but I cannot get packets from
> > outside to the host on the dmz.
>
> > The ip address on the outside interface is 200.1.1.132. The ip
> > address on the dmz interface is 192.168.20.1.
>
> > To test I have one host, 200.1.1.131 connected to the outside
> > interface and a second host, 192.168.20.134 connected to the dmz
> > interface. I am running a utility called Attacker on the host in the
> > dmz that is listening on port 110. To test I just telnet from the
> > outside host to port 110 on the host in the dmz. So far I have been
> > unsuccessful.
>
> > Here are my access-list and its grouping to the outside interface and
> > my static NAT statement Am I missing something? Do I have to add
> > 200.1.1.134 to the outside interface as a virtual ip address like some
> > firewalls or does the static nat accomplish this?
>
> > access-list OutsideToDmz extended permit tcp any host 200.1.1.134 eq
> > pop3
>
> > access-group OutsideToDmz in interface outside
>
> > static (outside,dmz) 192.168.20.134 200.1.1.134 netmask
> > 255.255.255.255
>
> > Any suggestions will be greatly appreciated.
>
> > Thanks
> >>I think it is static(dmz,outside) 192.168,20.134 200.1.1.234 netmask
> >>255.255.255.255
>
> Actually it's
>
> static (dmz,outside) 200.1.1.234 192.168.20.134 netmask 255.255.255.255
>
> static (real,fake) fake real netmask 255.255.255.255- Hide quoted text -
>
> - Show quoted text -
Thanks. That finally worked. Jeeesh! These docs are difficult to
interpret. They seem to always use weird examples rather than
straight forward basic ones.
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map