Hello and thank you for your help if you are looking at this. I have an ASA 5505 that I have deployed in the field. Everything appears to be working on this device with the exception of getting to the mail server. We can ping the mail server by its internal IP address (10.0.1.254) while on the internal network. However, when we try to ping by name, we get no responses. The real IP address, a 65.17.x.x IP, lives on the ASA 5505. Is there a setting in the ASA that will allow us to communicate to the mail server by name? Here is the config to the ASA:
ASA5505# sh run
: Saved
:
ASA Version 7.2(2)
!
hostname ASA5505
domain-name domain.com
enable password ------------ encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address pppoe setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd --------------- encrypted
ftp mode passive
clock timezone EDT -5
clock summer-time EDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 65.17.xxx.xxx
 name-server 65.17.xxx.xxx
 domain-name domain.com
access-list NoNat extended permit ip 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list NoNat extended permit ip 10.0.1.0 255.255.255.0 10.240.0.0 255.255.255.0
access-list Tunnel1 extended permit ip 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list OutsideIn extended permit tcp any interface outside eq ftp
access-list OutsideIn extended permit tcp any interface outside eq smtp
access-list OutsideIn extended permit tcp any interface outside eq www
access-list OutsideIn extended permit tcp any interface outside eq pop3
access-list OutsideIn extended permit tcp any interface outside eq https
access-list Tunnel2 extended permit ip 10.0.1.0 255.255.255.0 10.240.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NoNat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp 10.0.1.254 smtp netmask 255.255.255.255
static (inside,outside) tcp interface www 10.0.1.254 www netmask 255.255.255.255
static (inside,outside) tcp interface pop3 10.0.1.254 pop3 netmask 255.255.255.255
static (inside,outside) tcp interface ftp 10.0.1.254 ftp netmask 255.255.255.255
static (inside,outside) tcp interface https 10.0.1.254 https netmask 255.255.255.255
access-group OutsideIn in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
snmp-server host outside 65.17.xxx.xxx community --------
snmp-server contact --------@domain.com
snmp-server community ---------
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto ipsec transform-set stlouis esp-3des esp-md5-hmac
crypto map CGMap 20 match address Tunnel1
crypto map CGMap 20 set peer xxx.xxx.xxx.xxx
crypto map CGMap 20 set transform-set tunnel1
crypto map CGMap 25 match address Tunnel2
crypto map CGMap 25 set peer xxx.xxx.xxx.xxx
crypto map CGMap 25 set transform-set tunnel2
crypto map CGMap interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 15
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
 pre-shared-key -----------
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
 pre-shared-key -----------
telnet timeout 5
ssh 10.0.1.0 255.255.255.0 inside
ssh 65.17.xxx.xxx 255.255.255.0 outside
ssh timeout 10
console timeout 0
vpdn group pppoegroup request dialout pppoe
vpdn group pppoegroup localname -----------@domain.com
vpdn group pppoegroup ppp authentication chap
vpdn username ---------@domain.com password -----------
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
ntp server 65.17.xxx.xxx
prompt hostname context
Cryptochecksum:91f2c7564e53e23344a216a72cf53e50
: end