01-30-2008 01:14 PM - edited 03-11-2019 04:56 AM
I've got a 5510 and I'm having a problem trying to get internet access from my development boxes and was hoping someone could take a look at what I have wrong here.
I'm trying to forward www, https, and 3690 from the outside - PAT to my dmz, ssh to my cluster from the outside, and get internet access from
within development network.
Any help much appreciated.
---
name 192.168.3.0 DEV_NET
name 192.168.4.0 DMZ_NET
name 192.168.2.0 CLUSTER_NET
name 199.199.xxx.14 MY_WAN_IP
interface Ethernet0/0
nameif outside
security-level 0
ip address MY_WAN_IP 255.255.255.0
!
interface Ethernet0/1
nameif dmz
security-level 20
ip address 192.168.4.1 255.255.255.0
!
interface Ethernet0/2
nameif cluster
security-level 60
ip address 192.168.2.1 255.255.255.0
!
interface Ethernet0/3
nameif development
security-level 80
ip address 192.168.3.1 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
object-group service DMZ_SERVICES tcp
port-object eq www
port-object eq https
port-object eq 3690
object-group service ALL_SERVICES tcp
port-object eq www
port-object eq https
port-object eq 3690
port-object eq ssh
access-list DEV_ACCESS extended permit ip any any
access-list SSH_ACCESS extended permit tcp any any eq ssh
access-list ALL_ACCESS extended permit tcp any any object-group ALL_SERVICES
access-list DMZ_ACCESS extended permit tcp any interface dmz
object-group DMZ_SERVICES
nat-control
global (outside) 1 interface
nat (dmz) 1 DMZ_NET 255.255.255.0
nat (cluster) 1 CLUSTER_NET 255.255.255.0
nat (development) 1 DEV_NET 255.255.255.0
static (cluster,outside) tcp interface ssh 192.168.2.10 ssh netmask
255.255.255.255
static (dmz,outside) tcp interface www 192.168.4.10 www netmask 255.255.255.255
static (dmz,outside) tcp interface https 192.168.4.10 https netmask
255.255.255.255
static (dmz,outside) tcp interface 3690 192.168.4.10 3690 netmask
255.255.255.255
static (management,development) MGMT_NET MGMT_NET netmask 255.255.255.0
static (management,cluster) MGMT_NET MGMT_NET netmask 255.255.255.0
static (management,dmz) MGMT_NET MGMT_NET netmask 255.255.255.0
static (development,cluster) DEV_NET DEV_NET netmask 255.255.255.0
static (development,dmz) DEV_NET DEV_NET netmask 255.255.255.0
static (cluster,development) CLUSTER_NET CLUSTER_NET netmask 255.255.255.0
static (development,outside) DEV_NET DEV_NET netmask 255.255.255.0
access-group DMZ_ACCESS in interface dmz
access-group SSH_ACCESS in interface cluster
access-group ALL_ACCESS in interface outside
access-group DEV_ACCESS out interface development
route outside 0.0.0.0 0.0.0.0 199.199.xxx.1 1
01-31-2008 01:08 PM
Hi,
Try this:
no static (development,outside) DEV_NET DEV_NET netmask 255.255.255.0
Your development network should now have access to the internet.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide