Cisco ASA configuration issue

Hi Friends,

I have implemented one scenario, which can be reviewed in the diagram below, in which I have two firewalls, an internal firewall and an external firewall. I am in doubt about the policy which I applied on my ASAs, which is not working properly. I expect the support community experts can review it and let me know where my mistake is. Please, friends, I am a little confused, so I need clarification. The configuration is attached as a text file.

The firewall model is ASA 5505.

Notes

Internal Firewall Network -

a) inside network - 10.10.250.0/24

b) inside1 network - 10.10.101.0/24

c) voice network - 10.10.120.0/24

d) dmz network - 10.10.100.0/24

e) outside network - 10.10.251.0/24

External Firewall Network -

a) inside network - 10.10.251.0/24

b) dmz network - 10.10.150.0/24

c) outside network - 10.10.249.0/24

Both Firewall Policies

1) Allow access for user zones (inside) to the Internet only for HTTPS, HTTP and DNS.

2) Allow access for user zones (inside) to the internal server (on the internal firewall) and vice versa for DNS, Exchange services, RDP and Active Directory, both TCP/UDP.

3) Allow lab users (inside1) only the Internet (on the internal firewall); deny all access to any other zone.

4) Allow the server to the inside user zone (internal firewall) only for Active Directory and DNS ports.

5) Allow access for user zones (inside) to the external server (on the external firewall) and vice versa for DNS, Exchange services, RDP and Active Directory, both TCP/UDP.

6) Whenever the inside user zone accesses a server on the internal firewall or the external firewall it should use the same source IP, no NAT.
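The following is an added example of how the six policies above could be expressed on the internal ASA; it is not the poster's attached configuration and has not been taken from it. It assumes interface names inside, inside1, dmz and outside as in the thread, ASA 8.3 or later (the object/NAT syntax differs on 8.2), and an illustrative set of Active Directory and Exchange ports; all object names are made up here. Two points matter for the symptom described in the thread: an ACL only takes effect once it is bound with access-group (with no ACL bound, the ASA permits everything from a higher to a lower security level, which looks exactly like "all traffic allowed"), and because the ASA is stateful the "vice versa" return traffic of inside-initiated sessions needs no ACL line, so the dmz ACL only has to cover what the servers themselves initiate (policy 4).

```cisco
! Added example for the thread's subnets (not the poster's config).
! Assumed: ASA 8.3+ syntax, interface names inside/inside1/dmz/outside,
! illustrative AD/Exchange port lists. Adjust to the real services.
!
! Networks named in the thread
object network INSIDE_NET
 subnet 10.10.250.0 255.255.255.0
object network INSIDE1_NET
 subnet 10.10.101.0 255.255.255.0
object network DMZ_SERVERS
 subnet 10.10.100.0 255.255.255.0
object network EXT_SERVERS
 subnet 10.10.150.0 255.255.255.0
object-group network ALL_SERVERS
 network-object object DMZ_SERVERS
 network-object object EXT_SERVERS
object-group network INTERNAL_ZONES
 network-object 10.10.0.0 255.255.0.0
!
! Service groups (assumed ports: AD = Kerberos/RPC/LDAP/SMB/GC, Exchange = SMTP/OWA/RPC)
object-group service WEB_TCP tcp
 port-object eq www
 port-object eq https
object-group service AD_TCP tcp
 port-object eq 88
 port-object eq 135
 port-object eq ldap
 port-object eq 445
 port-object eq 636
 port-object eq 3268
 port-object eq 3269
object-group service AD_UDP udp
 port-object eq 88
 port-object eq 123
 port-object eq 389
object-group service EXCH_TCP tcp
 port-object eq smtp
 port-object eq https
 port-object eq 135
!
! Policies 2 and 5: inside -> internal and external servers, specific services only
access-list INSIDE_IN extended permit tcp object INSIDE_NET object-group ALL_SERVERS object-group AD_TCP
access-list INSIDE_IN extended permit udp object INSIDE_NET object-group ALL_SERVERS object-group AD_UDP
access-list INSIDE_IN extended permit tcp object INSIDE_NET object-group ALL_SERVERS object-group EXCH_TCP
access-list INSIDE_IN extended permit tcp object INSIDE_NET object-group ALL_SERVERS eq 3389
access-list INSIDE_IN extended permit tcp object INSIDE_NET object-group ALL_SERVERS eq domain
access-list INSIDE_IN extended permit udp object INSIDE_NET object-group ALL_SERVERS eq domain
! Anything else towards another internal zone is dropped before the Internet rules below
access-list INSIDE_IN extended deny ip object INSIDE_NET object-group INTERNAL_ZONES log
! Policy 1: inside -> Internet, HTTP/HTTPS/DNS only
access-list INSIDE_IN extended permit tcp object INSIDE_NET any object-group WEB_TCP
access-list INSIDE_IN extended permit udp object INSIDE_NET any eq domain
access-list INSIDE_IN extended deny ip any any log
!
! Policy 3: lab users (inside1) reach only the Internet
access-list INSIDE1_IN extended deny ip object INSIDE1_NET object-group INTERNAL_ZONES log
access-list INSIDE1_IN extended permit ip object INSIDE1_NET any
access-list INSIDE1_IN extended deny ip any any log
!
! Policy 4: servers may initiate only AD and DNS towards inside users;
! replies to inside-initiated sessions are allowed by the stateful inspection.
access-list DMZ_IN extended permit tcp object DMZ_SERVERS object INSIDE_NET object-group AD_TCP
access-list DMZ_IN extended permit udp object DMZ_SERVERS object INSIDE_NET object-group AD_UDP
access-list DMZ_IN extended permit tcp object DMZ_SERVERS object INSIDE_NET eq domain
access-list DMZ_IN extended permit udp object DMZ_SERVERS object INSIDE_NET eq domain
access-list DMZ_IN extended deny ip any any log
!
! Without these bindings the ACLs above do nothing and the ASA falls back to
! its default of permitting traffic from a higher to a lower security level.
access-group INSIDE_IN in interface inside
access-group INSIDE1_IN in interface inside1
access-group DMZ_IN in interface dmz
!
! Policy 6: identity NAT for inside -> servers; Internet-bound traffic still
! gets the usual dynamic PAT on the outside interface.
nat (inside,dmz) source static INSIDE_NET INSIDE_NET destination static DMZ_SERVERS DMZ_SERVERS
nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static EXT_SERVERS EXT_SERVERS
nat (inside,outside) after-auto source dynamic INSIDE_NET interface
```

The ACLs are evaluated top to bottom with first match, so the order matters: the server permits come first, the deny towards 10.10.0.0/16 closes every other internal zone (including voice, for which the thread states no policy), and only then do the Internet permits follow. Each ACL ends in an explicit deny with log so that dropped flows show up in syslog instead of disappearing into the implicit deny. The ASA allows exactly one access-group per interface and direction; binding a second ACL to the same interface replaces the first rather than adding to it.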

2 Replies

Simon Brooks
Beginner

Which bit isn't working?

Hi Simon,

When I apply the policy for the inside LAN to the Internet to permit only HTTP, HTTPS and DOMAIN, it is allowing all traffic.

When I apply the policy for the inside LAN to the DMZ server and the DMZ server to the inside LAN, it is still the same: I am trying to open specific ports, but all the traffic is still being allowed. Maybe I am missing something in my configuration.
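As an added example, not part of the thread, here is the sequence of checks a practitioner would run on the internal ASA when a "permit only HTTP/HTTPS/DNS" policy still lets everything through. It assumes the ACL names INSIDE_IN and DMZ_IN, a test client at 10.10.250.20, a DMZ host at 10.10.100.10 and an Internet address from the documentation range 203.0.113.0/24; all of these are made up for the example.

```cisco
! Added example (not from the thread). Assumed names: INSIDE_IN, DMZ_IN,
! client 10.10.250.20, DMZ host 10.10.100.10, Internet host 203.0.113.10.
!
! 1. Is an ACL bound to the interface at all? No access-group line means the
!    default higher-to-lower permit applies, which looks like "all traffic allowed".
show running-config access-group
!
! 2. Read the ACL top to bottom. A broad "permit ip any any" above the specific
!    lines short-circuits them; the hitcnt column shows which line is matching.
show access-list INSIDE_IN
show access-list DMZ_IN
!
! 3. Simulate single flows and read the ACCESS-LIST phase of the output.
!    SSH from inside to a DMZ host is not in the policy and should end in DROP.
packet-tracer input inside tcp 10.10.250.20 40000 10.10.100.10 22
!    HTTPS from inside to the Internet should end in ALLOW.
packet-tracer input inside tcp 10.10.250.20 40001 203.0.113.10 443
!    A DMZ server opening RDP towards inside should end in DROP (policy 4).
packet-tracer input dmz tcp 10.10.100.10 40002 10.10.250.20 3389
!
! 4. With "log" on the deny lines, re-run the client test and watch the denies land.
logging enable
logging buffered informational
show logging | include Deny
```

The packet-tracer output also reports the NAT rule and route each flow hits, so the same run confirms whether the inside-to-server path really keeps its original source address (policy 6) or is being translated by the dynamic PAT rule.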
