09-27-2012 12:03 PM - edited 03-11-2019 05:00 PM
Output of: packet-tracer input outside tcp my.current.ip.address ftp 192.168.6.1 ftp
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.6.0 255.255.255.0 DMZ
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: DMZ
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Output of packet-tracer input outside tcp my.current.ip.address ftp 192.168.6.1 ftp
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.6.0 255.255.255.0 DMZ
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: DMZ
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
packet-tracer input outside tcp my.current.ip.address ftp public.ip.add.ress ftp
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in public.ip.add.ress 255.255.255.255 identity
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Output of: sh run nat
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.1.128_27 NETWORK_OBJ_192.168.1.128_27 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.254.0_28 NETWORK_OBJ_192.168.254.0_28 no-proxy-arp route-lookup
nat (outside,outside) source dynamic NET-VPNPOOL interface
!
object network obj_any
 nat (inside,outside) dynamic interface
object network inside-net
 nat (inside,outside) dynamic interface
object network dmz-ftpserver
 nat (DMZ,outside) static interface service tcp ftp ftp
object network dmz-webserver
 nat (DMZ,outside) static interface service tcp www www
Output of: sh running-config access-list
access-list outside_access_in extended permit tcp any host 192.168.6.1 eq ftp
access-list outside_access_in extended permit tcp any host 192.168.6.2 eq www
access-list VPN-INSIDE-SPORT_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
Output of: sh running-config object network
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network inside-net
 subnet 192.168.1.0 255.255.255.0
object network NETWORK_OBJ_10.10.10.0_28
 subnet 10.10.10.0 255.255.255.240
object network NETWORK_OBJ_192.168.1.128_27
 subnet 192.168.1.128 255.255.255.224
object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0
object network NETWORK_OBJ_192.168.254.0_28
 subnet 192.168.254.0 255.255.255.240
object network dmz-ftpserver
 host 192.168.6.1
 description FTP server Host Object
object network dmz-webserver
 host 192.168.6.2
 description Web Server Host Object
Output of: sh running-config route
route outside 0.0.0.0 0.0.0.0 public.ip.add.ress 1
The version is ASA 8.4(2), and the box is a 5505.
09-27-2012 01:47 PM
Yep, excellent, and thanks for rating me.
Harish.