GremlinHunter
Programmer
I am trying to set up our ASA to allow inbound connections to some internal web servers. At the moment I am just trying to get anything from outside inside and having little luck doing it.
The following config keeps throwing "No transaction group found for tcp ..." which makes sense since I do not have a NAT set for outside -> inside. However if I setup a port translation like "nat (ouside) 5 xxx.yyy.0.0 255.255.128.0 outside" I still can not get any inbound and lose my outbound connections to boot. Can anyone tell me what I am missing here?
config:
The following config keeps throwing "No transaction group found for tcp ..." which makes sense since I do not have a NAT set for outside -> inside. However if I setup a port translation like "nat (ouside) 5 xxx.yyy.0.0 255.255.128.0 outside" I still can not get any inbound and lose my outbound connections to boot. Can anyone tell me what I am missing here?
config:
Code:
mtu management 1500
ip local pool OUTSIDE xxx.yyy.100.2 mask 255.255.128.0
no failover
monitor-interface outside
monitor-interface inside
monitor-interface management
asdm image disk0:/asdm504.bin
no asdm history enable
arp timeout 14400
global (outside) 10 interface
global (inside) 5 interface
nat (inside) 10 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.yyy.100.250 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.12.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
Cryptochecksum:76ede7627cb9b9dfcfaeba6329a5bacf
: end