Cisco ASA 5505 8.0(2) DMZ Server issues

drexthe01 — Tue, 12 Mar 2019 03:22:36 GMT

I am having some issues getting the dmz server up and running.

I have internet access from inside.

I would like internet access from dmz.

Also outside to dmz.

I have tried adding static routes and configuring the ACL to no avail. I know this is pre-8.3; so I couldn't find any nat examples before the change.

Here is my current config:

: Saved

ASA Version 8.0(2)

hostname ciscoasa

enable password -------- encrypted

names

interface Vlan1

nameif inside

security-level 100

ip address 100.200.301.1 255.255.255.0

interface Vlan2

nameif outside

security-level 0

ip address 100.200.300.18 255.255.255.240

interface Vlan3

no forward interface Vlan1

nameif dmz

security-level 50

ip address 10.10.10.1 255.255.255.0

interface Ethernet0/0

switchport access vlan 2

interface Ethernet0/1

interface Ethernet0/2

switchport access vlan 3

interface Ethernet0/3

interface Ethernet0/4

shutdown

interface Ethernet0/5

shutdown

interface Ethernet0/6

shutdown

interface Ethernet0/7

shutdown

passwd -------- encrypted

boot system disk0:/asa803-k8.bin

ftp mode passive

pager lines 24

logging enable

logging buffer-size 30000

logging buffered debugging

mtu inside 1500

mtu outside 1500

mtu dmz 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-602.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 100.200.301.0 255.255.255.0

route outside 0.0.0.0 0.0.0.0 100.200.300.17 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http 100.200.301.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

no crypto isakmp nat-traversal

telnet timeout 5

ssh 100.200.300.18 255.255.255.255 outside

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

class-map inspection_default

match default-inspection-traffic

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

service-policy global_policy global

username admin password xxxxxencrypted privilege 15

prompt hostname context

Cryptochecksum----------

: end

asdm image disk0:/asdm-602.bin

no asdm history enable

Cisco ASA 5505 8.0(2) DMZ Server issues

fb_webuser — Sun, 29 Dec 2013 14:03:29 GMT

you need NAT. By default internet access from inside and DMZ will work. Higher security level. Inside to DMZ as well.

In CLI: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/ime/8_0_2/config/asa.html

Google is your friend

And also upgrade to 8.2.(5). 8.0(2) is very buggie...

---

Posted by WebUser Erik Boss from Cisco Support Community App

topic Cisco ASA 5505 8.0(2) DMZ Server issues in Network Security

Cisco ASA 5505 8.0(2) DMZ Server issues

Cisco ASA 5505 8.0(2) DMZ Server issues