cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
838
Views
0
Helpful
8
Replies

Simple question - How to configure a rule in ASA 5525

weichenberger1
Level 1
Level 1

I am a newbie to ASA configuration and need some assistance with configuring a rule to allow access to a particular site from inside our network.

 

We have an ASA 5525 cluster and I need a configuration that will allow our internal network 10.26.0.0/16 to an external site 198.38.xx.xx/32. Can anyone give me some pointers on how to configure this?

8 Replies 8

Issue the command "show run access-group" and look for the name of the access-list that is bound to your inside interface.

In that access-list you need an entry like the following:

access-list NAME permit ip 10.26.0.0 255.255.0.0 host 198.38.x.x

It could be improved by configuring or using objects for you internal network and the server:

object NAME-OF-YOUR-INTERNAL-NET
 subnet 10.26.0.0 255.255.0.0
object network NAME-OF-THE-SERVER
 host 198.38.xx.xx
!
access-list NAME permit ip object NAME-OF-YOUR-INTERNAL-NET object NAME-OF-THE-SERVER

Here is the output. Which access-list that is bound to my inside interface?

 

Firewall# show run access-group | in inside
access-group Inside_access_in in interface inside
access-group Inside_access_out out interface inside

 

 

 

If you can reach other systems on the internet, it's very likely that you don't need any additional NAT.

The name of the access-list is "Inside_access_in". That needs the new line.

 

I configured the following and still unable to access the site from inside our network. Also, I am unable to ping it.

 

access-list Inside_access_out permit ip object obj-10.26.0.0-02 object obj-reportssite

object network obj-10.26.0.0-02

  subnet 10.26.0.0 255.255.0.0

access-list Inside_access_out extended permit ip object obj-10.26.0.0-02 object obj-reportssite

  host 198.38.82.23

It's "inside_access_in", not "inside_access_out".

Config as below and still unable to ping or http to external IP address.

 

object network obj-10.26.0.0-02

  subnet 10.26.0.0 255.255.0.0

object network obj-reports

 host 198.38.xx.xx

access-list Inside_access_in extended permit ip object obj-10.26.0.0-02 object obj-reports

 

please post your config (without passwords) to see what's going wrong.

Also, what are NATing? Do I need any?

Review Cisco Networking for a $25 gift card