TOPIC: Cisco ASA 5505 Configuration help required

Cisco ASA 5505 Configuration help required 8 years 7 months ago #33314

I am trying to configure an ASA in my office. This is my first time, so I referred to some sites and was trying to configure it. But it is not allowing HTTP traffic to pass. I am posting my config for your reference. Please help.

ASA Version 7.2(4)
!
hostname Firewall
domain-name default.domain.invalid
enable password 6a3buQitz5ajvb6A encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address x.x.x.x 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.240
!
interface Vlan3
 shutdown
 nameif dmz
 security-level 50
 no ip address
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server x.x.x.x
 name-server x.x.x.x
 domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list 102 extended permit icmp any any echo-reply
access-list 102 extended permit tcp any any eq www
access-list 102 extended permit tcp any any eq telnet
access-list 102 extended permit tcp any any eq smtp
access-list 102 extended permit tcp any any eq pop3
access-list 102 extended permit tcp any any eq ftp
access-list 102 extended permit tcp any any eq ftp-data
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route inside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http x.x.x.x 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:e52521fc670d17fd33f3210e9e6f309c
: end

Re: Cisco ASA 5505 Configuration help required 8 years 6 months ago #33387

Thanks for taking the time to help, I really appreciate it.

Re: Cisco ASA 5505 Configuration help required 8 years 6 months ago #33405

I think that there is something wrong with the route command "route inside 0.0.0.0 0.0.0.0 x.x.x.x 1"

Re: Cisco ASA 5505 Configuration help required 8 years 6 months ago #33456

  • S0lo (Moderator)
I agree with tuanhs, try to replace the inside keyword with outside. Like this:

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

Also remember that the x.x.x.x here has to point to the IP at the other side of the outside interface, i.e. your ISP IP or whatever is connected there.
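
The check discussed in the replies above can be automated before a config is loaded. The following is an added example, not code from any poster in this thread: a small Python lint that reads ASA 7.x-style `nameif`, `global`, `nat` and `route` lines and reports a default route bound to the wrong interface. The function names and the rule "egress is the PAT interface, else the lowest security level" are assumptions of this example.

```python
import re

# Constructed sample: routing-relevant lines of the config posted in this thread
# (addresses stay masked as x.x.x.x, exactly as on the page).
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route inside 0.0.0.0 0.0.0.0 x.x.x.x 1
"""

def parse(config):
    """Collect nameif security levels, PAT egress / NAT source interfaces, default routes."""
    levels, pat_out, nat_src, routes, name = {}, set(), set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = None  # a new interface block starts
        elif m := re.match(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.match(r"global \((\S+)\) \d+", line):
            pat_out.add(m.group(1))
        elif m := re.match(r"nat \((\S+)\) \d+", line):
            nat_src.add(m.group(1))
        elif m := re.match(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            routes.append((m.group(1), m.group(2)))
    return levels, pat_out, nat_src, routes

def lint_default_route(config):
    """Return findings for default routes that do not leave via the egress interface."""
    levels, pat_out, nat_src, routes = parse(config)
    # Assumption: egress is the PAT interface, else the lowest security level.
    expected = pat_out or ({min(levels, key=levels.get)} if levels else set())
    findings = [] if routes else ["no default route configured"]
    for ifname, gw in routes:
        if ifname in nat_src:
            findings.append(f"default route to {gw} is bound to NAT source interface '{ifname}'")
        if expected and ifname not in expected:
            findings.append(f"default route to {gw} is on '{ifname}', expected {sorted(expected)}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_default_route(SAMPLE)))
```

Run against the posted config it reports both findings for `route inside`; with the line changed to `route outside` it reports nothing.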