11-10-2013 05:48 AM - edited 03-07-2019 04:31 PM
Dear friends, I configured a public IP on the firewall interface, and I have one more public IP for hosting the sqp application publicly. How can I do this? Can anyone let me know? The configuration is below.
Below are the IP addresses for the server hosting; the firewall and router configurations follow.
PC IP : 72.93.232.66
Subnet Mask: 255.255.255.252
Gate Way ( Router IP ) : 72.93.232.65
Domain Name : www.hrmstadrees.com
Server Local IP for Application: http://10.10.10.4/MenaITech/Mename/
ASA-CONFIG
:
ASA Version 8.2(5)
!
domain-name RAQ.com
enable password lpW.MGeEHg0ISQZq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
description Connected to TAD-Router G0/1
nameif outside
security-level 0
ip address 72.93.19.174 255.255.255.252
!
interface Ethernet0/1
description Connected to Cisco SMB Switch G1
nameif inside
security-level 100
ip address 10.15.1.1 255.255.255.248
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
no ip address
management-only
!
banner login ******** RAQ FIREWALL ********
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 84.22.224.11
name-server 84.22.224.12
domain-name tadrees.com
access-list split-tunnel standard permit 10.10.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.1.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list nonat extended permit ip 10.10.0.0 255.255.0.0 10.1.1.0 255.255.255.0
access-list Mename-Access extended permit tcp any host 72.93.19.174 eq www
pager lines 24
logging enable
logging buffered debugging
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool sslvpnpool 10.1.1.1-10.1.1.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-702.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 10.10.10.4 www netmask 255.255.255.255
access-group Mename-Access in interface outside
!
router rip
network 10.0.0.0
version 2
!
route outside 0.0.0.0 0.0.0.0 72.93.19.173 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TAD-AD protocol nt
aaa-server TAD-AD (inside) host 10.10.10.1
aaa authentication ssh console LOCAL
http server enable 444
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 2
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 20
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
no anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc enable
tunnel-group-list enable
internal-password enable
group-policy sslvpn internal
group-policy sslvpn attributes
wins-server none
dns-server none
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value tadrees.com
group-policy DfltGrpPolicy attributes
webvpn
svc ask enable default webvpn timeout 30
username admin password s8Vngsgpp8NmOJP7 encrypted privilege 15
username cisco password HWFflA1bzYiq7Uut encrypted privilege 15
tunnel-group TAD-SSLV type remote-access
tunnel-group TAD-SSLV general-attributes
address-pool sslvpnpool
authentication-server-group TAD-AD LOCAL
default-group-policy sslvpn
tunnel-group TAD-SSLV webvpn-attributes
group-alias ssl enable
group-url https://72.93.19.174/ssl enable
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:c23556bcb54d60cbd598593f6429d106
: end
ROUTER CONFIGURATION
RAQ-Router#sho run
Building configuration...
Current configuration : 5623 bytes
!
! Last configuration change at 13:59:42 UTC Sat Sep 21 2013 by cisco
! NVRAM config last updated at 13:44:13 UTC Sat Sep 21 2013 by cisco
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TAD-Router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
no aaa new-model
!
no ipv6 cef
ip source-route
no ip cef
!
!
!
!
!
ip domain name yourdomain.com
ip name-server 8.8.8.8
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1513054491
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1513054491
revocation-check none
rsakeypair TP-self-signed-1513054491
!
!
crypto pki certificate chain TP-self-signed-1513054491
certificate self-signed 01
quit
license udi pid CISCO2911/K9 sn FCZ1633771T
!
!
username bciscoadmin password 0 tadreesadmin
username cisco privilege 15 password 0 c1sc0
!
!
ip ssh version 1
!
track 1 interface Dialer0 ip routing
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Connected to Internet Temp
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 72.93.19.173 255.255.255.252
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
!
pvc 0/99
pppoe-client dial-pool-number 1
!
!
interface Dialer0
no ip address
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip flow ingress
ip nat outside
ip nat enable
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname ala@4096.awalnet.net.sa
ppp chap password 0 123456
ppp pap sent-username ala@4096.awalnet.net.sa password 0 123456
no cdp enable
!
ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
no cdp run
!
!
control-plane
!
!
banner login ^CC
***************************************************************
** **
** TADREES PRIVATE NETWORK ..... AUTHORIZED USERS ONLY **
** **
***************************************************************^C
banner motd ^CC
==================
WARNING
==================
If you are an unauthorized user LOG OFF NOW, all unauthorized access will be prosecuted to the full extent of the law
This is a Private Network Device. This resource including all related equipment, networks and network devices, are provided for authorized Private use. Private systems are monitored for all lawful purposes, including ensuring authorized use, for manageme
The monitoring on this system may include audits by authorized personnel to test or verify the validity, security and survivability of this system. During monitoring information may be examined, recorded, copied and used for authorized purposes. All
Use of this system, constitutes consent to this policy and the policies and procedures set forth by the company
Evidence of unauthorized use collected during monitoring will be used for criminal prosecution by staff, legal counsel and law enforcement agencies.^C
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
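A check that can be run over the posted ASA 8.2 lines before publishing the server on the second public IP (an added example, not part of the original post). On ASA 8.2 the outside ACL is matched against the mapped (public) address, so every static needs a permit for exactly that address and port. The MOVED variant is constructed and assumes the static is re-pointed at 72.93.232.66 while the ACL is left unchanged.

```python
import re

# Lines copied from the ASA 8.2 configuration in the post above.
ASA_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 72.93.19.174 255.255.255.252
access-list Mename-Access extended permit tcp any host 72.93.19.174 eq www
static (inside,outside) tcp interface www 10.10.10.4 www netmask 255.255.255.255
access-group Mename-Access in interface outside
"""
# Constructed variant (assumption): static moved to the second public IP, ACL untouched.
MOVED = ASA_CONFIG.replace("tcp interface www", "tcp 72.93.232.66 www")

PORTS = {"www": 80, "https": 443}  # only the service names this example needs

def port(tok):
    return PORTS.get(tok) or int(tok)

def outside_ip(cfg):
    """Address of the interface named 'outside' (what 'interface' means in a static)."""
    m = re.search(r"nameif outside\n(?:.*\n)*?\s*ip address (\S+)", cfg)
    return m.group(1)

def published(cfg):
    """(mapped_ip, mapped_port, real_ip, real_port) for each TCP static PAT to outside."""
    pat = r"^static \(\w+,outside\) tcp (\S+) (\S+) (\S+) (\S+)"
    out = []
    for mapped, mport, real, rport in re.findall(pat, cfg, re.M):
        if mapped == "interface":
            mapped = outside_ip(cfg)
        out.append((mapped, port(mport), real, port(rport)))
    return out

def permitted(cfg):
    """(ip, port) pairs permitted from any source by the ACL bound inbound on outside."""
    acl = re.search(r"^access-group (\S+) in interface outside", cfg, re.M).group(1)
    pat = rf"^access-list {re.escape(acl)} extended permit tcp any host (\S+) eq (\S+)"
    return {(ip, port(p)) for ip, p in re.findall(pat, cfg, re.M)}

def audit(cfg):
    """Return (statics with no matching permit, permits with no matching static)."""
    pub = {(ip, p) for ip, p, _, _ in published(cfg)}
    acl = permitted(cfg)
    return sorted(pub - acl), sorted(acl - pub)

if __name__ == "__main__":
    print("posted:", audit(ASA_CONFIG))
    print("moved :", audit(MOVED))
```

An empty first list means every published port is reachable as intended; an empty second list means the ACL holds no stale permit for an address that no longer maps to a server.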
11-12-2013 11:19 PM
Let me get this correctly, you want to access the server over the public IP?