Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
0
Helpful
4
Replies

Need Help with ASA Firewall Config

pinoybot
Level 1
Level 1

‎11-30-2016 07:21 PM - edited ‎03-12-2019 01:36 AM

Hello All,

I am pretty new in the networking industry, I need some help with the following commands.

I bought a used firewall to play with and found this configuration:

static (inside,outside) 10.17.1.5 10.17.1.5 netmask 255.255.255.255 <-- I thought this is wrong but can someone help explain this if it's correct?

access-list OUTSIDE extended permit ip host 10.99.1.8 host 10.17.1.31 <- This one confuses me big time, OUTSIDE but it seems both are inside local address?


access-list OUTSIDE extended permit tcp any host 10.17.1.1 eq telnet <- Does this simply means any outside host can communicate to 10.17. using telnet?

Please help and thank you in advance! Have a great day everyone!

Labels:
0 Helpful
4 Replies 4

cofee
Level 5
Level 5

‎11-30-2016 08:54 PM

static (inside,outside) 10.17.1.5 10.17.1.5 netmask 255.255.255.255 <-- I thought this is wrong but can someone help explain this if it's correct? - This NAT rule is valid. It's called Identity NAT. Real IP gets translated to the same address no translation takes place in this NAT rule.

access-list OUTSIDE extended permit ip host 10.99.1.8 host 10.17.1.31 <- This one confuses me big time, OUTSIDE but it seems both are inside local address? -  Don't be confused with the word Outside, it doesn't always mean internet. For example you have this firewall and you can name its interfaces whatever you like. These are just two separate networks connected to this firewall.


access-list OUTSIDE extended permit tcp any host 10.17.1.1 eq telnet <- Does this simply means any outside host can communicate to 10.17. using telnet? That's correct

Please let me know if this answers your question.

0 Helpful

pinoybot
Level 1
Level 1
In response to cofee

‎12-01-2016 07:32 AM

Cofee I really appreciate your input! Thanks a lot!

0 Helpful

pinoybot
Level 1
Level 1
In response to cofee

‎12-01-2016 07:34 AM

access-list OUTSIDE extended permit ip host 10.99.1.8 host 10.17.1.31 <- This one confuses me big time, OUTSIDE but it seems both are inside local address? -  Don't be confused with the word Outside, it doesn't always mean internet. For example you have this firewall and you can name its interfaces whatever you like. These are just two separate networks connected to this firewall.

The above statement is just allowing 10.99.1.8 to reach10.17.1.31? Is that correct?

0 Helpful

cofee
Level 5
Level 5
In response to pinoybot

‎12-01-2016 07:44 AM

That's correct.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card