Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Cisco ASA 5505 Configuration help required

Cisco ASA 5505 Configuration help required 6 years 8 months ago #33314

  • Girishj22
  • Girishj22's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
I am trying to configure asa in my office.This is my first time only so i refered some sites & was trying to configure it.But it is not allowing http traffic to pass.I am posting my config for your reference.Pls help

ASA Version 7.2(4)
!
hostname Firewall

domain-name default.domain.invalid

enable password 6a3buQitz5ajvb6A encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Vlan1

nameif inside

security-level 100

ip address x.x.x.x 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address x.x.x.x 255.255.255.240

!

interface Vlan3

shutdown

nameif dmz

security-level 50

no ip address



interface Ethernet0/0


switchport access vlan 2


!


interface Ethernet0/1


!



ftp mode passive

dns domain-lookup inside

dns domain-lookup outside

dns server-group DefaultDNS

name-server x.x.x.x

name-server x.x.x.x

domain-name default.domain.invalid


same-security-traffic permit inter-interface


same-security-traffic permit intra-interface


access-list 102 extended permit icmp any any echo-reply


access-list 102 extended permit tcp any any eq www


access-list 102 extended permit tcp any any eq telnet


access-list 102 extended permit tcp any any eq smtp


access-list 102 extended permit tcp any any eq pop3


access-list 102 extended permit tcp any any eq ftp


access-list 102 extended permit tcp any any eq ftp-data


logging enable


logging asdm informational


mtu inside 1500


mtu outside 1500

mtu dmz 1500

no failover


icmp unreachable rate-limit 1 burst-size 1


asdm image disk0:/asdm-524.bin


no asdm history enable


arp timeout 14400


global (outside) 1 interface


nat (inside) 1 0.0.0.0 0.0.0.0


route inside 0.0.0.0 0.0.0.0 x.x.x.x 1


timeout xlate 3:00:00


timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02


timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00


timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00


timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute


http server enable


http x.x.x.x 255.255.255.0 inside


no snmp-server location


no snmp-server contact


snmp-server enable traps snmp authentication linkup linkdown coldstart


telnet timeout 5


ssh timeout 5


console timeout 0


dhcpd auto_config outside


!


class-map inspection_default


match default-inspection-traffic


policy-map type inspect dns preset_dns_map

parameters


message-length maximum 512


policy-map global_policy


class inspection_default

inspect dns preset_dns_map


inspect ftp


inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

service-policy global_policy global

prompt hostname context

Cryptochecksum:e52521fc670d17fd33f3210e9e6f309c


: end
The administrator has disabled public write access.

Re: Cisco ASA 5505 Configuration help required 6 years 8 months ago #33387

  • Haxi
  • Haxi's Avatar
  • Offline
  • New Member
  • Posts: 1
  • Karma: 0
Thanks for taking the time to help, I really apprciate it.
Love you all
The administrator has disabled public write access.

Re: Cisco ASA 5505 Configuration help required 6 years 8 months ago #33405

  • tuanhs
  • tuanhs's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
I am trying to configure asa in my office.This is my first time only so i refered some sites & was trying to configure it.But it is not allowing http traffic to pass.I am posting my config for your reference.Pls help

ASA Version 7.2(4)
!
hostname Firewall

domain-name default.domain.invalid

enable password 6a3buQitz5ajvb6A encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Vlan1

nameif inside

security-level 100

ip address x.x.x.x 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address x.x.x.x 255.255.255.240

!

interface Vlan3

shutdown

nameif dmz

security-level 50

no ip address



interface Ethernet0/0


switchport access vlan 2


!


interface Ethernet0/1


!



ftp mode passive

dns domain-lookup inside

dns domain-lookup outside

dns server-group DefaultDNS

name-server x.x.x.x

name-server x.x.x.x

domain-name default.domain.invalid


same-security-traffic permit inter-interface


same-security-traffic permit intra-interface


access-list 102 extended permit icmp any any echo-reply


access-list 102 extended permit tcp any any eq www


access-list 102 extended permit tcp any any eq telnet


access-list 102 extended permit tcp any any eq smtp


access-list 102 extended permit tcp any any eq pop3


access-list 102 extended permit tcp any any eq ftp


access-list 102 extended permit tcp any any eq ftp-data


logging enable


logging asdm informational


mtu inside 1500


mtu outside 1500

mtu dmz 1500

no failover


icmp unreachable rate-limit 1 burst-size 1


asdm image disk0:/asdm-524.bin


no asdm history enable


arp timeout 14400


global (outside) 1 interface


nat (inside) 1 0.0.0.0 0.0.0.0


route inside 0.0.0.0 0.0.0.0 x.x.x.x 1


timeout xlate 3:00:00


timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02


timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00


timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00


timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute


http server enable


http x.x.x.x 255.255.255.0 inside


no snmp-server location


no snmp-server contact


snmp-server enable traps snmp authentication linkup linkdown coldstart


telnet timeout 5


ssh timeout 5


console timeout 0


dhcpd auto_config outside


!


class-map inspection_default


match default-inspection-traffic


policy-map type inspect dns preset_dns_map

parameters


message-length maximum 512


policy-map global_policy


class inspection_default

inspect dns preset_dns_map


inspect ftp


inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

service-policy global_policy global

prompt hostname context

Cryptochecksum:e52521fc670d17fd33f3210e9e6f309c


: end

I think that there are something wrong with route command "route inside 0.0.0.0 0.0.0.0 x.x.x.x 1"
The administrator has disabled public write access.

Re: Cisco ASA 5505 Configuration help required 6 years 8 months ago #33456

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
I agree with tuanhs, try to replace the inside keyword with outside. Like this:

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

Also remember that the x.x.x.x here has to point to the IP at the other side of the outside interface. i.e your ISP IP or whatever is connected there.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.
Time to create page: 0.096 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup