06-16-2011 06:27 AM - edited 03-11-2019 01:46 PM
Hi,
I have an ASA 5510 and I cannot configure it properly.
My problem is that I have 10 public addresses connected to the ASA and each public address is redirected to an internal IP address.
One of these public addresses is the IP address of my ASA.
I need help to configure an access-list and a NAT; the others I will configure.
interface Ethernet0/0
description Interface_WAN_World-Ttrends
speed 100
duplex full
nameif outside
security-level 0
ip address 84.88.36.3 255.255.254.0
!
interface Ethernet0/1
description Interface_LAN_Ttrends-World
speed 100
duplex full
nameif inside
security-level 100
ip address 10.0.0.252 255.255.254.0
!
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
Thanks
07-04-2011 07:43 AM
Hi Daniel,
Try this: assign static IPs to the source and destination hosts (in the 10.0.0.0/24 range) and then test. Make sure you have the correct static NAT for the destination IP. Take packet captures on the inside interface. Enable syslogs and post them here.
Regards,
Anu
07-05-2011 01:00 AM
Hi Anu,
My internal IP address is 10.0.0.52 and I am trying to access the public IP address 84.88.36.7.
The live log says:
6|Jul 05 2011 09:49:07|302013: Built outbound TCP connection 43704 for outside:84.88.36.7/443 (84.88.36.7/443) to inside:10.0.0.52/64913 (84.88.36.3/8664)
6|Jul 05 2011 09:49:04|302013: Built inbound TCP connection 43703 for outside:195.10.10.59/55659 (195.10.10.59/55659) to inside:10.0.0.124/3202 (84.88.36.7/3202)
6|Jul 05 2011 09:49:04|302013: Built outbound TCP connection 43702 for outside:84.88.36.7/443 (84.88.36.7/443) to inside:10.0.0.52/64912 (84.88.36.3/8663)
6|Jul 05 2011 09:48:46|302013: Built outbound TCP connection 43701 for outside:84.88.36.7/443 (84.88.36.7/443) to inside:10.0.0.52/64911 (84.88.36.3/8662)
6|Jul 05 2011 09:48:46|302013: Built outbound TCP connection 43700 for outside:84.88.36.7/443 (84.88.36.7/443) to inside:10.0.0.52/64910 (84.88.36.3/8661)
7|Jul 05 2011 09:48:46|609001: Built local-host outside:84.88.36.7
7|Jul 05 2011 09:48:37|609002: Teardown local-host outside:84.88.36.7 duration 0:00:51
6|Jul 05 2011 09:48:37|302014: Teardown TCP connection 43682 for outside:84.88.36.7/443 to inside:10.0.0.52/64894 duration 0:00:30 bytes 0 SYN Timeout
Thanks
07-05-2011 03:47 AM
Hi Daniel,
What is the private IP address of the PC from which you are trying to access 84.88.36.7 internally? Also, did you assign static IPs to the source and destination hosts?
Regards,
Anu
07-07-2011 03:43 AM
Hi Anu,
My private address is 10.0.0.52.
"Also, did you assign static IPs to the source and destination hosts?"
No, I want to access all public IP addresses from all my network.
The 10.0.0.52 address is an example.
Thanks
Daniel
07-11-2011 01:05 AM
Hi Anu,
Last Saturday I migrated all rules to the ASA and all.
I only have one problem: access to public IP addresses from the inside network.
Can you help me?
Thanks
07-11-2011 01:48 AM
Hi Daniel,
Can you provide the show run from the new firewall, as well as the IP address of the server you are trying to access and the interface from which you are trying to access it?
Thanks,
Varun
07-11-2011 02:00 AM
07-11-2011 02:08 AM
Hi Daniel,
Let me give you one example; you can configure the rest similarly:
static (inside,inside) 84.88.36.6 10.0.0.123 norand nailed
Similarly you can configure it for the rest of the servers and it should work.
Let me know if this works
Thanks,
Varun
07-11-2011 02:40 AM
Hi,
I configured your commands but it doesn't work.
static (inside,inside) 84.88.36.6 10.0.0.123 netmask 255.255.255.255 norandomseq nailed
What happens!!!!!! Grrrr!
07-11-2011 02:55 AM
Hi Daniel,
Can you enable this command as well:
sysopt noproxyarp inside
If it still doesn't work, kindly provide me the output of the following:
packet-tracer input inside tcp 10.0.0.1 2345 84.88.36.6 80 detailed
Thanks,
Varun
07-11-2011 06:16 AM
Hi Varun,
It doesn't work, and I cannot run the packet-tracer command.
Via ASDM I see this:
6|Jul 11 2011 15:03:17|302013: Built inbound TCP connection 99016 for outside:84.88.36.8/45176 (84.88.36.8/45176) to inside:10.0.0.123/80 (84.88.36.6/80)
6|Jul 11 2011 15:05:06|302014: Teardown TCP connection 99043 for inside:10.0.0.63/52301 to inside:10.0.0.123/443 duration 0:00:00 bytes 0 Flow is a loopback
6|Jul 11 2011 15:05:00|302014: Teardown TCP connection 99042 for inside:10.0.0.63/52301 to inside:10.0.0.123/443 duration 0:00:00 bytes 0 Flow is a loopback
6|Jul 11 2011 15:04:57|302014: Teardown TCP connection 99041 for inside:10.0.0.63/52301 to inside:10.0.0.123/443 duration 0:00:00 bytes 0 Flow is a loopback
My IP is 10.0.0.63
Inside IP of the server is 10.0.0.123
Public IP of the server is 84.88.36.6
Thanks
07-11-2011 06:40 AM
Hi Daniel,
Can you pull the latest show run output from the firewall and provide it to me? Are you trying to access the server using the public IP address? I ask because the logs show me the private IP instead of the public IP.
Thanks,
Varun
07-11-2011 07:38 AM
07-11-2011 10:09 AM
Hi Daniel,
If that is the case, then I guess we would need to take captures on the ASA:
access-list cap permit ip host 10.0.0.63 host 84.88.36.6
access-list cap permit ip host 84.88.36.6 host 10.0.0.63
access-list cap permit ip host 10.0.0.63 host 10.0.0.123
access-list cap permit ip host 10.0.0.123 host 10.0.0.63
capture capin access-list cap interface inside
Try accessing the server after that, check "show capture", and please provide the output.
To summarize everything, you should have the above commands enabled on ASA:
static (inside,inside) 84.88.36.6 10.0.0.123 norand nailed
sysopt noproxyarp inside
same-security-traffic permit intra-interface
After that, collect the output.
Thanks,
Varun
07-12-2011 02:44 AM
Hi,
The result is the same. I paste the output:
ttrendsASA(config)# sh capture capin
18 packets captured
1: 11:34:31.978327 10.0.0.63.63575 > 84.88.36.6.80: S 1040445759:1040445759(0) win 8192
2: 11:34:31.978510 10.0.0.63.63574 > 84.88.36.6.80: S 1455068754:1455068754(0) win 8192
3: 11:34:34.979578 10.0.0.63.63575 > 84.88.36.6.80: S 1040445759:1040445759(0) win 8192
4: 11:34:34.981562 10.0.0.63.63574 > 84.88.36.6.80: S 1455068754:1455068754(0) win 8192
5: 11:34:40.976740 10.0.0.63.63574 > 84.88.36.6.80: S 1455068754:1455068754(0) win 8192
6: 11:34:40.981653 10.0.0.63.63575 > 84.88.36.6.80: S 1040445759:1040445759(0) win 8192
7: 11:34:52.983362 10.0.0.63.63577 > 84.88.36.6.80: S 2560066600:2560066600(0) win 8192
8: 11:34:55.984461 10.0.0.63.63577 > 84.88.36.6.80: S 2560066600:2560066600(0) win 8192
9: 11:35:01.980570 10.0.0.63.63577 > 84.88.36.6.80: S 2560066600:2560066600(0) win 8192
10: 11:35:26.357678 10.0.0.63.63589 > 84.88.36.6.80: S 2893740273:2893740273(0) win 8192
11: 11:35:26.357967 10.0.0.63.63590 > 84.88.36.6.80: S 1238314767:1238314767(0) win 8192
12: 11:35:29.357617 10.0.0.63.63589 > 84.88.36.6.80: S 2893740273:2893740273(0) win 8192
13: 11:35:29.361614 10.0.0.63.63590 > 84.88.36.6.80: S 1238314767:1238314767(0) win 8192
14: 11:35:35.360744 10.0.0.63.63590 > 84.88.36.6.80: S 1238314767:1238314767(0) win 8192
15: 11:35:35.361706 10.0.0.63.63589 > 84.88.36.6.80: S 2893740273:2893740273(0) win 8192
16: 11:35:47.363460 10.0.0.63.63608 > 84.88.36.6.80: S 636176705:636176705(0) win 8192
17: 11:35:50.360454 10.0.0.63.63608 > 84.88.36.6.80: S 636176705:636176705(0) win 8192
18: 11:35:56.361645 10.0.0.63.63608 > 84.88.36.6.80: S 636176705:636176705(0) win 8192
18 packets shown
Thanks
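One way to read the capture in the last post, as an added example that is not part of the thread: the script groups "show capture" lines by flow and reports SYNs that were retransmitted without any packet coming back to the client. The sample is the first nine packets of that capture; the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: the first nine packets of the capture above, same format.
SAMPLE = """\
   1: 11:34:31.978327 10.0.0.63.63575 > 84.88.36.6.80: S 1040445759:1040445759(0) win 8192
   2: 11:34:31.978510 10.0.0.63.63574 > 84.88.36.6.80: S 1455068754:1455068754(0) win 8192
   3: 11:34:34.979578 10.0.0.63.63575 > 84.88.36.6.80: S 1040445759:1040445759(0) win 8192
   4: 11:34:34.981562 10.0.0.63.63574 > 84.88.36.6.80: S 1455068754:1455068754(0) win 8192
   5: 11:34:40.976740 10.0.0.63.63574 > 84.88.36.6.80: S 1455068754:1455068754(0) win 8192
   6: 11:34:40.981653 10.0.0.63.63575 > 84.88.36.6.80: S 1040445759:1040445759(0) win 8192
   7: 11:34:52.983362 10.0.0.63.63577 > 84.88.36.6.80: S 2560066600:2560066600(0) win 8192
   8: 11:34:55.984461 10.0.0.63.63577 > 84.88.36.6.80: S 2560066600:2560066600(0) win 8192
   9: 11:35:01.980570 10.0.0.63.63577 > 84.88.36.6.80: S 2560066600:2560066600(0) win 8192
"""

# "N: hh:mm:ss.us src.sport > dst.dport: FLAGS rest" as printed by "show capture"
LINE = re.compile(
    r"^\s*\d+:\s+\S+\s+(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+>\s+"
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+):\s+([SFRP.]+)(.*)$"
)

def parse(text):
    """Return (src, sport, dst, dport, is_bare_syn) for every packet line."""
    pkts = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skips "18 packets captured" and similar summary lines
        src, sport, dst, dport, flags, rest = m.groups()
        bare_syn = flags == "S" and " ack " not in rest  # SYN without ACK
        pkts.append((src, int(sport), dst, int(dport), bare_syn))
    return pkts

def unanswered_syns(pkts):
    """Count SYNs per flow, keeping flows where nothing came back to the client.

    A reply is any packet addressed to the client's ip:port, whatever its
    source, because the server may answer from its real or its mapped address.
    """
    syn_count = Counter()
    reply_targets = set()
    for src, sport, dst, dport, bare_syn in pkts:
        if bare_syn:
            syn_count[(src, sport, dst, dport)] += 1
        else:
            reply_targets.add((dst, dport))
    return {f: n for f, n in syn_count.items() if (f[0], f[1]) not in reply_targets}

if __name__ == "__main__":
    for flow, n in unanswered_syns(parse(SAMPLE)).items():
        print("%s:%d -> %s:%d  SYNs=%d, no reply seen" % (*flow, n))
```

Every flow in the sample shows three SYNs and no return packet, even though the capture access-list also matches traffic from 10.0.0.123 and 84.88.36.6 back to 10.0.0.63.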