Greetings,
I am new to the PIX / ASA hardware and I am trying to set up our new ASA to allow traffic to our web server. We have 8 IPs: 209.x.x.112 255.255.255.248.
Our edge router is 209.x.x.113 and the ASA external interface is 209.x.x.118. I want to use 209.x.x.119 as our main site IP and have all web traffic go to an internal IP of 192.168.10.36.
Traffic is getting to the ASA on both 209.x.x.118 and 209.x.x.119, because I can ping the 118 and get ICMP Denied on the 119.
I am trying to get the following flow
Internet host going to 209.x.x.119 translate / forward to 192.168.10.36
Once again, this is my first run at a PIX / ASA. Thank you in advance for any help.
! Running configuration of the ASA as posted with the question.
! Lines beginning "! NOTE(review)" are reviewer annotations; every command is unchanged.
ASA Version 7.2(1)
!
hostname ciscoasa
domain-name companyname.org
! NOTE(review): the value below looks like a placeholder. Real "encrypted" strings
! are password hashes and should be redacted before a config is posted publicly.
enable password abcdefg. encrypted
names
!
! Inside (LAN) interface: 192.168.10.253 with a 255.255.254.0 mask.
! NOTE(review): security-level 2 is only one step above Outside (1). 100 is the
! conventional level for the trusted interface and leaves room for a DMZ in between.
interface Ethernet0/0
nameif Inside
security-level 2
ip address 192.168.10.253 255.255.254.0
!
! Outside (Internet-facing) interface.
! NOTE(review): the mask here is 255.255.255.0, but the post describes the allocation
! as 209.x.x.112 255.255.255.248. If the /29 is correct, the ASA will treat the rest
! of the /24 as directly connected instead of sending it to the edge router.
! Confirm and correct the mask.
interface Ethernet0/1
nameif Outside
security-level 1
ip address 209.x.x.118 255.255.255.0
!
! Unused port, administratively shut down.
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
! Dedicated management interface; "management-only" blocks through traffic on it.
interface Management0/0
nameif management
security-level 100
ip address 192.168.192.168 255.255.255.0
management-only
!
passwd abcdefg. encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name companyname.org
! NOTE(review): no two interfaces in this config share a security level (2, 1, 100),
! so "permit inter-interface" has nothing to act on. "permit intra-interface" lets
! traffic leave by the interface it arrived on. Remove both unless specifically needed.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
! NOTE(review): no port is given, so this permits every TCP port to the server's
! public address, not only web traffic. Restrict it to the published service, e.g.
! "access-list web extended permit tcp any host 209.x.x.119 eq www" (plus "eq https"
! if the site uses TLS). ICMP is not permitted by this ACL, which is consistent with
! the "ICMP Denied" seen when pinging 209.x.x.119.
access-list web extended permit tcp any host 209.x.x.119
pager lines 24
! NOTE(review): logging goes only to the ASDM buffer. No syslog host appears in this
! listing, so denied connections are not retained off the device.
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
mtu management 1500
asdm image disk0:/asdm521.bin
no asdm history enable
arp timeout 14400
! Dynamic PAT for inside hosts (nat/global id 1), followed by a one-to-one static
! translation for the web server.
! NOTE(review): the PAT address and the static mapping both use 209.x.x.119. The two
! translations should not share an address. Consider "global (Outside) 1 interface"
! so outbound PAT uses the ASA's own address and .119 is reserved for the static.
global (Outside) 1 209.x.x.119
nat (Inside) 1 192.168.10.0 255.255.254.0
static (Inside,Outside) 209.x.x.119 192.168.10.36 netmask 255.255.255.255
! Applies ACL "web" to traffic arriving on the Outside interface.
access-group web in interface Outside
! NOTE(review): this points an already directly connected subnet at the ASA's own
! Inside address (192.168.10.253). It looks redundant; confirm and remove.
route Inside 192.168.10.0 255.255.255.0 192.168.10.253 1
! NOTE(review): "tunneled" makes this the default route for decrypted VPN traffic only.
! No ordinary default route appears in this listing, so return traffic to Internet
! hosts likely has no path. A standard default route would be
! "route Outside 0.0.0.0 0.0.0.0 209.x.x.113 1".
route Outside 0.0.0.0 0.0.0.0 209.x.x.113 tunneled
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
! ASDM (HTTPS) management access is limited to the 192.168.192.0/24 management network.
http server enable
http 192.168.192.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
! NOTE(review): Telnet carries credentials in clear text. Prefer SSH for CLI access:
! no "ssh <network> <mask> <interface>" entry appears in this listing, only the timeout.
telnet 192.168.192.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
! NOTE(review): 0 disables the console idle timeout, so an unattended console session
! stays logged in.
console timeout 0
!
! Traffic class matched by the inspection policy below.
class-map inspection_default
match default-inspection-traffic
!
!
! DNS inspection parameters: messages longer than 512 bytes are not allowed.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
! Application inspections applied to the inspection_default class.
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect http
!
! Attaches global_policy to all interfaces.
service-policy global_policy global
prompt hostname context
Cryptochecksum:9c2ead3604473fd7697e05ead7eacabf
: end
I am new to the PIX / ASA hardware and I am trying to set up our new ASA to allow traffic to our web server. We have 8 IPs: 209.x.x.112 255.255.255.248.
Our edge router is 209.x.x.113 and the ASA external interface is 209.x.x.118. I want to use 209.x.x.119 as our main site IP and have all web traffic go to an internal IP of 192.168.10.36.
Traffic is getting to the ASA on both 209.x.x.118 and 209.x.x.119, because I can ping the 118 and get ICMP Denied on the 119.
I am trying to get the following flow
Internet host going to 209.x.x.119 translate / forward to 192.168.10.36
Once again, this is my first run at a PIX / ASA. Thank you in advance for any help.
! Running configuration of the ASA as posted with the question.
! Lines beginning "! NOTE(review)" are reviewer annotations; every command is unchanged.
ASA Version 7.2(1)
!
hostname ciscoasa
domain-name companyname.org
! NOTE(review): the value below looks like a placeholder. Real "encrypted" strings
! are password hashes and should be redacted before a config is posted publicly.
enable password abcdefg. encrypted
names
!
! Inside (LAN) interface: 192.168.10.253 with a 255.255.254.0 mask.
! NOTE(review): security-level 2 is only one step above Outside (1). 100 is the
! conventional level for the trusted interface and leaves room for a DMZ in between.
interface Ethernet0/0
nameif Inside
security-level 2
ip address 192.168.10.253 255.255.254.0
!
! Outside (Internet-facing) interface.
! NOTE(review): the mask here is 255.255.255.0, but the post describes the allocation
! as 209.x.x.112 255.255.255.248. If the /29 is correct, the ASA will treat the rest
! of the /24 as directly connected instead of sending it to the edge router.
! Confirm and correct the mask.
interface Ethernet0/1
nameif Outside
security-level 1
ip address 209.x.x.118 255.255.255.0
!
! Unused port, administratively shut down.
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
! Dedicated management interface; "management-only" blocks through traffic on it.
interface Management0/0
nameif management
security-level 100
ip address 192.168.192.168 255.255.255.0
management-only
!
passwd abcdefg. encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name companyname.org
! NOTE(review): no two interfaces in this config share a security level (2, 1, 100),
! so "permit inter-interface" has nothing to act on. "permit intra-interface" lets
! traffic leave by the interface it arrived on. Remove both unless specifically needed.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
! NOTE(review): no port is given, so this permits every TCP port to the server's
! public address, not only web traffic. Restrict it to the published service, e.g.
! "access-list web extended permit tcp any host 209.x.x.119 eq www" (plus "eq https"
! if the site uses TLS). ICMP is not permitted by this ACL, which is consistent with
! the "ICMP Denied" seen when pinging 209.x.x.119.
access-list web extended permit tcp any host 209.x.x.119
pager lines 24
! NOTE(review): logging goes only to the ASDM buffer. No syslog host appears in this
! listing, so denied connections are not retained off the device.
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
mtu management 1500
asdm image disk0:/asdm521.bin
no asdm history enable
arp timeout 14400
! Dynamic PAT for inside hosts (nat/global id 1), followed by a one-to-one static
! translation for the web server.
! NOTE(review): the PAT address and the static mapping both use 209.x.x.119. The two
! translations should not share an address. Consider "global (Outside) 1 interface"
! so outbound PAT uses the ASA's own address and .119 is reserved for the static.
global (Outside) 1 209.x.x.119
nat (Inside) 1 192.168.10.0 255.255.254.0
static (Inside,Outside) 209.x.x.119 192.168.10.36 netmask 255.255.255.255
! Applies ACL "web" to traffic arriving on the Outside interface.
access-group web in interface Outside
! NOTE(review): this points an already directly connected subnet at the ASA's own
! Inside address (192.168.10.253). It looks redundant; confirm and remove.
route Inside 192.168.10.0 255.255.255.0 192.168.10.253 1
! NOTE(review): "tunneled" makes this the default route for decrypted VPN traffic only.
! No ordinary default route appears in this listing, so return traffic to Internet
! hosts likely has no path. A standard default route would be
! "route Outside 0.0.0.0 0.0.0.0 209.x.x.113 1".
route Outside 0.0.0.0 0.0.0.0 209.x.x.113 tunneled
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
! ASDM (HTTPS) management access is limited to the 192.168.192.0/24 management network.
http server enable
http 192.168.192.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
! NOTE(review): Telnet carries credentials in clear text. Prefer SSH for CLI access:
! no "ssh <network> <mask> <interface>" entry appears in this listing, only the timeout.
telnet 192.168.192.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
! NOTE(review): 0 disables the console idle timeout, so an unattended console session
! stays logged in.
console timeout 0
!
! Traffic class matched by the inspection policy below.
class-map inspection_default
match default-inspection-traffic
!
!
! DNS inspection parameters: messages longer than 512 bytes are not allowed.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
! Application inspections applied to the inspection_default class.
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect http
!
! Attaches global_policy to all interfaces.
service-policy global_policy global
prompt hostname context
Cryptochecksum:9c2ead3604473fd7697e05ead7eacabf
: end