Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
630
Views
0
Helpful
4
Replies

Problem with DMZ

Onkar Ghaisas
Level 1
Level 1

‎10-11-2013 02:06 PM - edited ‎03-11-2019 07:51 PM

Hi all,

I am practising Firewall on GNS3. I have natted DMZ server to Outside IP. I have written an access-list saying permit any source from outside network can telnet a host on DMZ. When I do packet trace from ASDM it works perfectly, even hits access-list . but when I try to telnet host it fails. Rather it never hits access-list in that case. What could be the reason?

Labels:
0 Helpful
4 Replies 4

Marius Gunnerud
VIP
VIP

‎10-22-2013 05:25 AM

Are you still having issues with this?

If so there is a multitude of things that could be happening.  When you say you are have natted the server to the outside IP, are you using PAT natting to only port 23?  have you open only for telnet in the ACL on the outside interface?  are you sure that your device on the outside interface is sending on port 23?  Have you verified that the traffic is actually being NATed?

Another possibility is that this could be a virtualization issue and that deleting the ASA from GNS3 and recreating it will solve the issue.

Would be useful to see a network diagram and the running config if  you still need help.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

andduart
Level 1
Level 1
In response to Marius Gunnerud

‎10-22-2013 03:22 PM

Hi,

You can send the packet-tracer output to check the results using CLI, the show run nat output and the acl used in the outside are useful as well. Now, what is the software version used in the ASA? If you use bellow 8.3 the ACL should use your outside ip address from the outside, now if you use 8.3 or later, the ACL should use the 'real ip' of the Server

If everything looks fine maybe there is a virtualization issue....

0 Helpful

Onkar Ghaisas
Level 1
Level 1

‎10-27-2013 05:14 AM

Hi both of you.

I guess it was problem wiith simulation. I used servers instead of routers. Now it is working. And yes, I was using real ip address in acls and translated ip to check them. Well, Thanks for concern. As of now everything is working fine.

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Onkar Ghaisas

‎10-27-2013 05:56 AM

Glad you got it working.

Please rate any helpful posts.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card