Hi,
i have here a ASA 5510 sec k9.
I build a Config with a DMZ,INSIDE and OUTSIDE Interface.
My Plan is to use the IP-Address of the OUTSIDE Interface with PORT to setup a HTTP Server In the DMZ
But my Config dossenĀ“t work.
ANd I have no Plan why .....
The Inside Interface have to work normal. The Traffic to the Internet is TRiggert from Inside with Dynamic PAT
ciscoasa(config)# exit
ciscoasa# show run
: Saved
:
ASA Version 8.4(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address <Fix IP-ADDRESS> 255.255.255.248
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 192.168.50.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
object network Inside
subnet 192.168.20.0 255.255.255.0
object network DMZ
subnet 192.168.50.0 255.255.255.0
object network HTTP-Server
host 192.168.50.2
object service HTTP-SERVERDMZ
service tcp source eq 5081 destination eq 5081
access-list outside_access_in extended permit object HTTP-SERVERDMZ any object HTTP-Server
access-list DMZ_access_in extended permit object HTTP-SERVERDMZ 85.16.134.72 255.255.255.248 object HTTP-Server
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (outside,DMZ) source static any any destination static DMZ HTTP-Server service HTTP-SERVERDMZ HTTP-SERVERDMZ
!
object network Inside
nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
route outside 0.0.0.0 0.0.0.0 85.16.134.73 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
<--- More --->
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
<--- More --->
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
<--- More --->
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:273966ef24a6b1462a13d6d2dfe01279
ciscoasa#
Can someone Hep me
