Hi,
I am trying to secure a server which is directly connected to a layer 2 switch port. I want to only permit access to the server from specific IP addresses. Examples of the commands entered are below.
Server = 10.10.10.1
Access-list 102 permit ip host ...
Hi,
I am trying to firstly upload the new asa951-smp-k8 firmware into the firewall flash so I can upgrade the ASA. My issue is that it fails before it can finish uploading into the flash. I have tried this via TFTP and via the current ASDM but it loo...
Hi, I have a really annoying issue with Natting on a Cisco ASA Firewall. I have an Internal device which needs to talk to a device which is in the DMZ. The routing etc. is fine, they can communicate with each other. The issue is, the device in the DMZ...
Hi, I am having issues passing traffic between two ASA firewalls. The VPN tunnel is up with one dynamic IP and one Static IP. I have attached a diagram of the VPN connection. I am unsure where the issue lies and what to check next. I think I have all ...
Great, thanks Grant. Swapping the hosts round has worked. The aim is to secure the server so only a number of devices can connect to it to store their backups. Simplistic design but provides what we require and I don't expect the ACL rules to expand....
Thanks for replying Grant.
Yes the server is connected to G0/11 so which port should I be adding the ACL to? I have tried removing the implicit deny just in case that was causing the issues but with it being top down I tested some of the permit ACLs...
Sorry for the late reply.
The answer was the upgrade path. I had to go from 8.1 to 8.2 before upgrading to 9.5. Would be nice if the ASA told me that instead of just restarting :).
Thanks
Adam
Thanks Jouni, really appreciate the help. The Static NAT section at the bottom was the key. (dmz, outside). I was sure I had tried that combination. Tried it again and I am now able to get internal and external communication to the device in the DMZ....
#Show run nat
object network Sophos_Encrypt
 nat (Inside,DMZ) static 217.16.11.52
This is the one that affects whether I can get internal or external access. If I leave it on (Any, Any) then it allows external access only. If I have it on (Inside, DMZ) ...