Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: 5505 Configuration

5505 Configuration 8 years 10 months ago #24893

  • CT_Eagle
  • CT_Eagle's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
I have been trying for several days to configure a new Cisco 5505. I have 3 interfaces that I am trying to configure. Inside, Outside and DMZ. I have successfully configured communications between the Inside and DMZ interfaces. Now I need to allow clients on the Inside Interface to access resources on the Outside interface. I also need to allow clients on the Outside to access a web server on the DMZ interface. The following is the configuration that I am currently using. Any help would be greatly appreciated.

ASA Version 7.2(2)
!
hostname xxxx
domain-name xxxx
enable password XXXXXXXXXXXXXXXX encrypted
names
!
interface Vlan1
nameif Maintenance
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 12.196.X.X 255.255.255.240
!
interface Vlan12
nameif Inside
security-level 100
ip address 192.168.3.1 255.255.255.0
!
interface Vlan22
nameif DMZ
security-level 50
ip address 192.168.4.1 255.255.255.0
!
interface Vlan32
description These are ports reserved for future POE equipment
nameif POE
security-level 0
no ip address
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
switchport access vlan 22
!
interface Ethernet0/2
switchport access vlan 22
!
interface Ethernet0/3
switchport access vlan 12
!
interface Ethernet0/4
switchport access vlan 12
!
interface Ethernet0/5
!
interface Ethernet0/6
switchport access vlan 32
!
interface Ethernet0/7
switchport access vlan 32
!
passwd XXXXXXXXXXXXXXXX encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name xxxx
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_access_in remark 2WWW
access-list outside_access_in remark 2WWW
access-list outside_access_in remark 2LMS
access-list Inside_access_in extended permit udp any any
access-list Inside_access_in extended permit tcp any any
access-list Inside_access_in extended permit icmp any any
access-list DMZ_access_out extended permit udp any any
access-list DMZ_access_out extended permit tcp any any
access-list DMZ_access_out extended permit icmp any any
access-list DMZ_access_in extended permit udp any any
access-list DMZ_access_in extended permit tcp any any
access-list DMZ_access_in extended permit icmp any any
access-list Inside_access_out extended permit udp any any
access-list Inside_access_out extended permit tcp any any
access-list Inside_access_out extended permit icmp any any
access-list OutsideToDMZ extended permit tcp any host "SERVERIP" eq www
access-list OutsideToDMZ extended permit tcp any host "SERVERIP" eq ftp
pager lines 24
logging enable
logging asdm informational
mtu Maintenance 1500
mtu outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu POE 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 X.X.X.X-X.X.X.X netmask 255.0.0.0
global (outside) 1 interface
nat (Inside) 1 192.168.3.0 255.255.255.0
nat (Inside) 1 192.168.4.0 255.255.255.0
static (DMZ,outside) X.X.X.X 192.168.4.2 netmask 255.255.255.255
access-group OutsideToDMZ in interface outside
access-group Inside_access_in in interface Inside
access-group Inside_access_out out interface Inside
access-group DMZ_access_in in interface DMZ
access-group DMZ_access_out out interface DMZ
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 Maintenance
http 192.168.3.0 255.255.255.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.129 Maintenance
!

!
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
!
prompt hostname context
Cryptochecksum:1f1f0740c71fae7ae6daff55f6934118
: end
The administrator has disabled public write access.
Time to create page: 0.076 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup