
Hi friends, I am facing an issue regarding the hosting of an application on the firewall.

Dear friends, I configured a public IP on the firewall interface, and I have one more public IP for hosting the sqp application publicly. Please, how can I do this? Can anyone let me know? The configuration is below.



Subnet Mask:

Gate Way ( Router IP ) :

Domain Name :

Server Local IP for Application:



ASA Version 8.2(5)



enable password lpW.MGeEHg0ISQZq encrypted

passwd 2KFQnbNIdI.2KYOU encrypted



interface Ethernet0/0

description Connected to TAD-Router G0/1

nameif outside

security-level 0

ip address


interface Ethernet0/1

description Connected to Cisco SMB Switch G1

nameif inside

security-level 100

ip address


interface Ethernet0/2


no nameif

no security-level

no ip address


interface Ethernet0/3


no nameif

no security-level

no ip address


interface Management0/0

nameif management

security-level 100

no ip address



banner login ********  RAQ FIREWALL ********

ftp mode passive

dns domain-lookup outside

dns server-group DefaultDNS





access-list split-tunnel standard permit

access-list nonat extended permit ip

access-list nonat extended permit ip

access-list Mename-Access extended permit tcp any host eq www

pager lines 24

logging enable

logging buffered debugging

logging asdm debugging

mtu outside 1500

mtu inside 1500

mtu management 1500

ip local pool sslvpnpool mask

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-702.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1

static (inside,outside) tcp interface www www netmask

access-group Mename-Access in interface outside


router rip


version 2


route outside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa-server TAD-AD protocol nt

aaa-server TAD-AD (inside) host

aaa authentication ssh console LOCAL

http server enable 444

http management

http outside

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet inside

telnet timeout 2

ssh outside

ssh inside

ssh timeout 20

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept


enable outside

no anyconnect-essentials

svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1

svc enable

tunnel-group-list enable

internal-password enable

group-policy sslvpn internal

group-policy sslvpn attributes

wins-server none

dns-server none

vpn-tunnel-protocol svc webvpn

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split-tunnel

default-domain value

group-policy DfltGrpPolicy attributes


  svc ask enable default webvpn timeout 30

username admin password s8Vngsgpp8NmOJP7 encrypted privilege 15

username cisco password HWFflA1bzYiq7Uut encrypted privilege 15

tunnel-group TAD-SSLV type remote-access

tunnel-group TAD-SSLV general-attributes

address-pool sslvpnpool

authentication-server-group TAD-AD LOCAL

default-group-policy sslvpn

tunnel-group TAD-SSLV webvpn-attributes

group-alias ssl enable

group-url enable


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  inspect ip-options


service-policy global_policy global

prompt hostname context

no call-home reporting anonymous


: end


RAQ-Router#sho run

Building configuration...

Current configuration : 5623 bytes


! Last configuration change at 13:59:42 UTC Sat Sep 21 2013 by cisco

! NVRAM config last updated at 13:44:13 UTC Sat Sep 21 2013 by cisco

! NVRAM config last updated at 13:44:13 UTC Sat Sep 21 2013 by cisco

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption


hostname TAD-Router






logging buffered 51200 warnings

enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY


no aaa new-model


no ipv6 cef

ip source-route

no ip cef






ip domain name

ip name-server

multilink bundle-name authenticated



crypto pki token default removal timeout 0


crypto pki trustpoint TP-self-signed-1513054491

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1513054491

revocation-check none

rsakeypair TP-self-signed-1513054491



crypto pki certificate chain TP-self-signed-1513054491

certificate self-signed 01



license udi pid CISCO2911/K9 sn FCZ1633771T



username bciscoadmin password 0 tadreesadmin

username cisco privilege 15 password 0 c1sc0



ip ssh version 1


track 1 interface Dialer0 ip routing





interface Embedded-Service-Engine0/0

no ip address



interface GigabitEthernet0/0

description Connected to Internet Temp

no ip address

duplex auto

speed auto


interface GigabitEthernet0/1

ip address

ip tcp adjust-mss 1452

duplex auto

speed auto


interface GigabitEthernet0/2

no ip address


duplex auto

speed auto


interface ATM0/0/0

no ip address

no atm ilmi-keepalive

pvc 0/35

  pppoe-client dial-pool-number 1


pvc 0/99

  pppoe-client dial-pool-number 1



interface Dialer0

no ip address


interface Dialer1

description $FW_OUTSIDE$

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1492

ip flow ingress

ip nat outside

ip nat enable

ip virtual-reassembly in

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

ppp authentication chap pap callin

ppp chap hostname

ppp chap password 0 123456

ppp pap sent-username password 0 123456

no cdp enable


ip forward-protocol nd


no ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000


ip route Dialer1


access-list 23 permit


no cdp run






banner login ^CC


**                                                           **


**                                                           **


banner motd ^CC




If you are an unauthorized user LOG OFF NOW, all unauthorized access will be prosecuted to the full extent of the law

This is a Private Network Device. This resource including all related equipment, networks and network devices, are provided for authorized Private use. Private systems are monitored for all lawful purposes, including ensuring authorized use, for manageme

The monitoring on this system may include audits by authorized personnel to test or verify the validity, security and survivability of this system. During monitoring information may be examined, recorded, copied and used for authorized purposes. All

Use of this system, constitutes consent to this policy and the policies and procedures set forth by the company

Evidence of unauthorized use collected during monitoring will be used for criminal prosecution by  staff, legal counsel and law enforcement agencies.^C


line con 0

login local

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

login local

transport input telnet ssh

line vty 5 15

login local

transport input telnet ssh


scheduler allocate 20000 1000


1 Reply 1

Islam Nadim

Let me get this correctly, you want to access the server over the public IP?
