08-27-2015 01:13 PM - edited 03-11-2019 11:30 PM
I have configure this on my ASA 5505. i would like to migrate to ASA 5512 which uses ASA Version 9.1 (2)
Can somebody help me convert this for latest software
name 192.168.2.50 Email_Gateway
access-list dmz_access_in remark ClearSwift TRUSTmanager Reputations server &
access-list dmz_access_in remark Broadcasting of greylisting data to peer Gateway
access-list dmz_access_in extended permit udp host Email_Gateway any eq 8007
access-list dmz_access_in remark ClearSwift TRUSTmanager Reputations server &
access-list dmz_access_in extended permit udp host Email_Gateway any eq 19200
access-list dmz_access_in remark DMZ DNS Outbound HTTPS
access-list dmz_access_in remark Broadcasting of greylisting data to peer Gateway
access-list dmz_access_in remark NTP Email Gateway
access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 host FileServer_DNS eq ntp
access-list dmz_access_in remark FTP
access-list dmz_access_in extended permit tcp host Email_Gateway host FileServer_DNS eq ftp
access-list dmz_access_in remark ldap
access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 host 192.168.2.78
access-list dmz_access_in remark ldap
access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
access-list dmz_access_in remark HTTP for Email_Gateway
access-list dmz_access_in extended permit object-group TCPUDP host Email_Gateway host FileServer_DNS object-group DNS
access-list dmz_access_in remark HTTP for Email_Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway host FileServer_DNS eq ldap
access-list dmz_access_in remark LDAP Communication for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 host 192.168.2.78 object-group DM_INLINE_TCP_1
access-list dmz_access_in remark DMZ DNS Forwarding to Outside for Email Gateway
access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS Forwarding to Outside for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS FTP for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 any eq ftp
access-list dmz_access_in remark HTTP for Email_Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 host 192.168.2.78 eq www inactive
access-list dmz_access_in remark isa to plims1 vote portal
access-list dmz_access_in extended permit tcp host 192.168.2.20 host 192.168.2.10 eq 8200
access-list dmz_access_in extended permit udp host 192.168.2.101 host 99.99.99.1 eq ntp
access-list dmz_access_in remark HTTPS access to the Clearswift Update Server
access-list dmz_access_in extended permit tcp Inside_Subnet 255.255.255.0 gt 1023 host Email_Gateway eq https inactive
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in extended permit udp host PublicDNS object-group InternetDNS object-group DNS
access-list dmz_access_in remark For Email Gateway
access-list dmz_access_in extended permit icmp host Email_Gateway host 99.99.99.1
access-list dmz_access_in remark ISA
access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
access-list dmz_access_in extended permit tcp host Email_Gateway host 192.168.2.77 eq smtp
access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
access-list dmz_access_in extended permit tcp host Email_Gateway host Exch10 eq smtp
access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
access-list dmz_access_in extended permit tcp host Email_Gateway host Palpha eq smtp
access-list dmz_access_in remark DMZ EMail Gateway outbound delivery
access-list dmz_access_in extended permit tcp host Email_Gateway any eq smtp
access-list dmz_access_in remark DMZ DNS Outbound HTTPS for Email Gateway
access-list dmz_access_in extended permit udp host Email_Gateway object-group EmailGateway any eq 8007
access-list dmz_access_in remark DMZ DNS Outbound HTTPS for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 any eq https
access-list dmz_access_in remark for ISA
access-list dmz_access_in extended permit tcp host 192.168.2.20 gt 1023 any eq www
access-list dmz_access_in remark for ISA
access-list dmz_access_in extended permit tcp host 192.168.2.20 gt 1023 any eq https
static (dmz,outside) 99.99.99.13 Email_Gateway netmask 255.255.255.255
static (inside,outside) 99.99.99.32 Exch10 netmask 255.255.255.255
08-29-2015 11:20 AM
Hi,
Refer following doc for migration of hardware to ASA5500-x.
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/guide_c07-727453.html
Thanks,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide