TOPIC: ASA, ADSL Modem and my DMZ :(

ASA, ADSL Modem and my DMZ :( 10 years 8 months ago #24978

  • bobg
Hi guys,

I recently purchased a Cisco ASA 5505 for my home network. I have never really played around with Cisco's security appliances and thought it might be worthwhile :).

Anyway I ran into a problem and I was hoping someone could help a N00b like myself out ;).

OK, here is the scenario.

I have an ADSL connection which provides me with a dynamic public IP. ( I am using for obtain a DNS name for the moment).

Inside interface
Security level: 100

Security level: 4

IP: assigned via DHCP from my ADSL modem/router. -
Security level: 0

My ADSL modem (router) is connected to the outside interface of my ASA.

I have a PC connected to the inside interface and a server running Apache (webserver) connected to my DMZ.

I am trying to make my webserver publicly available.

I have set up a port forward on my router to send all traffic on port 80 to my outside interface (which, now that I write it, seems pointless as all traffic is going there anyway!)

But now what I THINK I need to do is port forward all traffic on port 80 which arrives at the outside interface to the DMZ???

It's a similar setup to ones I've seen Cisco documenting, except my outside interface isn't a public address as it's already gone through one level of NATing from my router.

At the moment when I try to access my webserver from the internet I get the following error in my syslogs.

"3|Jan 30 2008|16:51:57|710003|||TCP access denied by ACL from to outside:
3|Jan 30 2008|16:51:54|710003|||TCP access denied by ACL from to outside:"

I've attached my running-config below. At the moment with my router

I apologise if this is a stupid question, I'm keen to get this up and running and learn from it. MANY THANKS!

My running config.

ASA Version 7.2(2)
hostname homeasa
domain-name default.domain.home
enable password 1plPx2i8fWTm1hEU encrypted
interface Vlan1
nameif inside
security-level 100
ip address
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Vlan12
description DMZ for webserver
no forward interface Vlan1
nameif DMZ
security-level 4
ip address
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
switchport access vlan 12
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd 1plPx2i8fWTm1hEU encrypted
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
server-group DefaultDNS
domain-name default.domain.home
access-list outside_access_in remark TRAFFIC IS ENTERING
access-list outside_access_in extended permit tcp any host eq www log emergencies
access-list outside_access_in extended permit tcp any host eq www log
access-list DMZ_access_in extended permit tcp any host eq www
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu DMZ 1500
ip audit name AlarmDrop attack action alarm drop
ip audit interface outside AlarmDrop
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
nat (DMZ) 1
access-group outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username marcosg password shte7DmC88sfarw5 encrypted privilege 15
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
auth-prompt prompt Warning. Unathorised access will be prosecuted
auth-prompt accept Welcome
auth-prompt reject You are not authorised to access me. Go away!
telnet inside
telnet timeout 5
ssh inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address
dhcpd enable inside

class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
: end
asdm image disk0:/asdm-522.bin
no asdm history enable

Re: ASA, ADSL Modem and my DMZ :( 10 years 8 months ago #24999

  • bobg
Sorry is my question that stupid? Or does nobody have any ideas? :(

Re: ASA, ADSL Modem and my DMZ :( 10 years 7 months ago #25398

Sorry is my question that stupid? Or does nobody have any ideas? :(

Have you looked at your PAT translations?
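
Added example, not part of the thread: a sketch of the check the last reply points at, assuming the 710003 messages appear because the ACL permits port 80 on the outside interface while no static PAT entry forwards it to the DMZ host. The config fragments, the log lines, the address 192.0.2.10 and the function names are all constructed for illustration.

```python
import re

# Constructed ASA 7.x fragments modelled on the posted config. 192.0.2.10 is a
# placeholder for the DMZ web server; the real addresses are not on the page.
BEFORE = """\
access-list outside_access_in extended permit tcp any interface outside eq www log
global (outside) 1 interface
nat (DMZ) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
"""
# Same config plus a static PAT entry forwarding outside:80 to the DMZ host.
AFTER = BEFORE + (
    "static (DMZ,outside) tcp interface www 192.0.2.10 www "
    "netmask 255.255.255.255\n"
)
# Constructed ASDM-style syslog lines in the shape quoted in the post.
SAMPLE_LOG = [
    "3|Jan 30 2008|16:51:57|710003|||TCP access denied by ACL from to outside:",
    "3|Jan 30 2008|16:51:54|710003|||TCP access denied by ACL from to outside:",
    "6|Jan 30 2008|16:51:50|302013|||Built inbound TCP connection",
]

ACCESS_GROUP = re.compile(r"^access-group (\S+) in interface (\S+)", re.M)
PERMIT_TCP = re.compile(r"^access-list (\S+) extended permit tcp .* eq (\S+)", re.M)
STATIC_PAT = re.compile(
    r"^static \([^,\s]+,([^)\s]+)\) tcp \S+ (\S+) \S+ \S+", re.M)


def unpublished_ports(config, ifc="outside"):
    """TCP ports the ACL bound inbound on `ifc` permits but no static PAT maps."""
    acls = {name for name, bound in ACCESS_GROUP.findall(config) if bound == ifc}
    permitted = {port for name, port in PERMIT_TCP.findall(config) if name in acls}
    mapped = {port for mapped_ifc, port in STATIC_PAT.findall(config)
              if mapped_ifc == ifc}
    return sorted(permitted - mapped)


def to_the_box_denials(log_lines):
    """Count lines whose message ID is 710003: the ASA refused a connection
    addressed to itself, which is what happens when nothing translates it."""
    return sum(1 for line in log_lines if line.split("|")[3:4] == ["710003"])


if __name__ == "__main__":
    print("denied to-the-box:", to_the_box_denials(SAMPLE_LOG))
    print("before:", unpublished_ports(BEFORE))
    print("after: ", unpublished_ports(AFTER))
```

On the appliance itself, `show run static` and `show xlate` list the configured and active translations.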