5506X Firewall not working

xxturboxx05
Level 1

Before I say anything, I would like to say that I just started using packet tracer and barely know how to use it thanks to my professor being bad at teaching. Now to my problem, my firewall is not allowing packets to go through in or out and I have been wondering why but I can't fix it. I added rules to allow transfers of data through it but it still won't let anything in or out so I'm left confused

!
hostname BBSNsecurity
enable password ******* encrypted
names
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address 15.50.1.1 255.255.255.0
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet1/3
nameif dmz
security-level 70
ip address 192.168.50.1 255.255.255.0
!
interface GigabitEthernet1/4
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/5
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/7
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/8
no nameif
no security-level
no ip address
shutdown
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
shutdown
!
object network dmz-server
host 192.168.50.2
nat (dmz,outside) static 15.50.1.2
object network inside-net
subnet 192.168.100.0 255.255.255.0
nat (inside,outside) dynamic interface
!
route outside 0.0.0.0 0.0.0.0 15.50.1.2 1
!
access-list outside_to_dmz extended permit tcp any host 15.50.1.2 eq www
access-list outside_to_dmz extended permit tcp any host 15.50.1.2 eq 443
access-list inside_access_out extended permit ip any any
access-list 100 extended permit ip any any
!
!
access-group outside_to_dmz in interface outside
access-group 100 in interface inside
access-group inside_access_out out interface inside
!
!
class-map inspection_default
match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect icmp
inspect tftp
!
service-policy global_policy global
!
telnet timeout 5
ssh timeout 5
!
dhcpd address 192.168.100.10-192.168.100.100 inside
dhcpd enable inside
!
!
!
!

 

2 Replies

@xxturboxx05 

Seems your problem goes beyond the firewall. Your DMZ server IP address is wrong. It needs to be in the same range as the firewall's DMZ interface.

The connection between the firewall's outside interface and Router1 seems not to work. The interface on the router side is not good. I believe you should use a different interface. You probably installed module interfaces on the router and may have picked the wrong module.

Use NAT on the firewall only if your professor strictly asked you to. You don't need NAT.

Your firewall is protected with a password.


I have worked a little bit on your project, but I had to replace your firewall as I don't have the password.

I had to make some changes on the routing part and on the Router1 config. For now, you can ping from the PC in the green area to the DMZ and access the web server.

The new firewall I added to the topology does not use NAT. It only has routes and an access list, for simplicity.

Router1 must have a route pointing to the DMZ network using the firewall as the gateway. This very same route must be advertised in the RIP protocol so that the other router knows how to reach the DMZ.

You can check all that in the file attached.


[Attachment: FlavioMiranda_0-1736297657867.png]

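As an added example (not the attached Packet Tracer file and not either poster's configuration), here is the approach described in the reply above written out as ASA and IOS configuration: the firewall keeps the three interfaces and addresses from the original post, drops the NAT objects, and relies on a default route plus per-interface access lists; Router1 gets static routes for the DMZ and inside networks via the firewall and redistributes them into RIP. Assumptions: Router1's interface toward the firewall is 15.50.1.2 (the next hop the posted default route already uses; note that the posted config also used 15.50.1.2 as the static NAT address of the DMZ server, so one address was serving two roles), the DMZ web server is 192.168.50.2 inside the DMZ interface's 192.168.50.0/24 as the first reply requires, and the Router1 interface name is a placeholder. With no NAT, the outside ACL must name the server's real address rather than a translated one.

```cisco
! --- ASA (added example; replaces the posted NAT-based config) ---
hostname BBSNsecurity
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 15.50.1.1 255.255.255.0
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet1/3
 nameif dmz
 security-level 70
 ip address 192.168.50.1 255.255.255.0
!
! Default route toward Router1 (assumed to sit at 15.50.1.2 on the outside segment).
route outside 0.0.0.0 0.0.0.0 15.50.1.2 1
!
! Outside may only open HTTP/HTTPS to the DMZ server's real address; every other
! inbound flow hits the implicit deny at the end of the list.
access-list outside_to_dmz extended permit tcp any host 192.168.50.2 eq www
access-list outside_to_dmz extended permit tcp any host 192.168.50.2 eq https
access-group outside_to_dmz in interface outside
!
! Binding an ACL to an interface replaces the security-level default for traffic
! entering it, so inside must be permitted explicitly (scoped to its own subnet).
access-list inside_in extended permit ip 192.168.100.0 255.255.255.0 any
access-group inside_in in interface inside
!
! Security levels already deny new DMZ(70)->inside(100) connections; the explicit
! deny makes that intent visible in the config. Return traffic for connections
! opened from inside is allowed by the stateful connection table, not this ACL.
access-list dmz_in extended deny ip any 192.168.100.0 255.255.255.0
access-list dmz_in extended permit ip 192.168.50.0 255.255.255.0 any
access-group dmz_in in interface dmz
!
! ICMP inspection tracks echo requests so replies are allowed back through.
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect icmp
service-policy global_policy global

! --- Router1 (IOS, added example; interface name is an assumption) ---
hostname Router1
!
interface GigabitEthernet0/1
 ip address 15.50.1.2 255.255.255.0
 no shutdown
!
! Reach the networks behind the firewall via its outside interface.
ip route 192.168.50.0 255.255.255.0 15.50.1.1
ip route 192.168.100.0 255.255.255.0 15.50.1.1
!
! Advertise those static routes to the other RIP router.
router rip
 version 2
 network 15.0.0.0
 redistribute static metric 1
 no auto-summary
```

A quick check after applying this: `show route` on the ASA should list the default route, `show access-list` should show hit counts climbing on the `outside_to_dmz` lines when the web server is browsed from outside, and `show ip route` on the other RIP router should now carry 192.168.50.0/24 learned via RIP.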
