04.22.2008 at 05:50PM PDT, ID: 23345142

Cisco ASA 5510 Basic Config

Asked by isol8 in Enterprise Firewalls, Network Software Firewalls, Networking Hardware Firewalls

Tags: Cisco, ASA 5510, 8.0.2

I'm attempting to set up a Cisco ASA 5510 with a fairly basic configuration.

I'd like to set up a one-to-one NAT with an external IP address that will forward port 443 and port 80 to an internal IP address. Internal users should be able to browse the web, send email, ping, FTP, etc.

External IP: 64.20.38.166
Internal IP: 192.168.0.60

Also, in this line:
object-group service DM_INLINE_TCP_1 tcp
What is DM_INLINE_TCP_1?

Here is my current config that doesn't work properly:
ASA Version 8.0(2) 
!
hostname ASA-CO
domain-name domain.com
enable password R.8m encrypted
names
!
interface Ethernet0/0
 nameif LAN
 security-level 100
 ip address 192.168.0.254 255.255.255.0 
!
interface Ethernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 nameif WAN
 security-level 0
 ip address 64.20.38.166 255.255.255.248 
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
 management-only
!
passwd 2KFOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name domain.com
same-security-traffic permit intra-interface
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_2 tcp
 port-object eq www
 port-object eq https
access-list WAN_access_in extended permit icmp any any 
access-list LAN_access_in extended permit icmp any any 
access-list LAN_access_in extended permit tcp any any object-group DM_INLINE_TCP_1 
access-list LAN_access_in extended permit tcp any any eq aol 
access-list WAN_access_in_1 extended permit tcp any host 64.20.38.163 object-group DM_INLINE_TCP_2 
pager lines 24
logging enable
logging asdm informational
logging host LAN 192.168.0.7
mtu LAN 1500
mtu WAN 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any LAN
icmp permit any WAN
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (WAN) 101 interface
nat (LAN) 101 0.0.0.0 0.0.0.0
static (LAN,WAN) tcp 64.20.38.163 https 192.168.0.60 https netmask 255.255.255.255 
static (LAN,WAN) tcp 64.20.38.163 www 192.168.0.60 www netmask 255.255.255.255 
access-group LAN_access_in in interface LAN
access-group WAN_access_in_1 in interface WAN
route WAN 0.0.0.0 0.0.0.0 64.20.38.161 20
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.0.0 255.255.255.0 LAN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:3a27fbe45ec9
: end
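Added example, not taken from the question or from any of the member-only replies on this page: a corrected NAT, access-list and ICMP section for the posted ASA 8.0(2) configuration, in the pre-8.3 "static (real,mapped)" syntax that this release uses. It forwards TCP 80 and 443 on the WAN interface address 64.20.38.166 (the external address given in the question; the posted config instead maps 64.20.38.163, which is also valid inside that /29, in which case keep the "static ... 64.20.38.163" lines and reference .163 in the WAN ACL) to 192.168.0.60, lets the LAN out for web, SMTP, DNS, FTP and ping, and closes the ICMP and ASDM exposure of the firewall itself. Object-group and access-list names are my own, and 192.168.0.7 is assumed to be the admin workstation only because it is the syslog host in the posted config. On the second part of the question: DM_INLINE_TCP_1 is simply the name ASDM ("DM" for Device Manager) gives to a service object-group it creates on the fly when several services are selected in one rule row in the GUI; it is an ordinary object-group and can be renamed or replaced, as done here.

```cisco
! --- Outbound PAT for the LAN (same as the posted config) ---
global (WAN) 101 interface
nat (LAN) 101 0.0.0.0 0.0.0.0
!
! --- Port redirection from the WAN interface address to the web server ---
! "interface" here means the WAN address itself (64.20.38.166). Only TCP/80
! and TCP/443 are mapped; no other port on the public address reaches the
! inside host. Do not enable "http ... WAN" on this box, or the ASA's own
! HTTPS server will claim port 443 on that address.
static (LAN,WAN) tcp interface www 192.168.0.60 www netmask 255.255.255.255
static (LAN,WAN) tcp interface https 192.168.0.60 https netmask 255.255.255.255
!
! --- Inbound ACL on WAN ---
! In pre-8.3 code the inbound ACL matches the MAPPED (public) address,
! not the inside address. Everything not listed hits the implicit deny.
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https
access-list WAN_access_in extended permit tcp any host 64.20.38.166 object-group WEB_PORTS
access-group WAN_access_in in interface WAN
!
! --- Outbound ACL on LAN ---
! The posted LAN_access_in only permitted ICMP, 80/443 and "aol", which is
! why mail, DNS lookups and FTP failed. Listing the services explicitly
! keeps default-deny semantics; removing the access-group would instead
! let everything out. Add pop3/imap4 here if clients fetch mail this way.
object-group service LAN_OUTBOUND_TCP tcp
 port-object eq www
 port-object eq https
 port-object eq smtp
 port-object eq ftp
 port-object eq domain
access-list LAN_access_in extended permit tcp 192.168.0.0 255.255.255.0 any object-group LAN_OUTBOUND_TCP
access-list LAN_access_in extended permit udp 192.168.0.0 255.255.255.0 any eq domain
access-list LAN_access_in extended permit icmp 192.168.0.0 255.255.255.0 any echo
access-group LAN_access_in in interface LAN
! "inspect ftp" (already in the posted global_policy) is what opens the FTP
! data channel for users; "ftp mode passive" only affects the ASA's own FTP
! client (copy ftp:), not user traffic.
!
! --- ICMP addressed to the firewall itself ---
! "icmp permit any WAN" in the posted config lets anyone on the Internet
! ping and probe the firewall's own WAN address. Keep only the replies the
! ASA needs for its own ping/traceroute, then deny the rest.
no icmp permit any WAN
icmp permit any echo-reply WAN
icmp permit any unreachable WAN
icmp permit any time-exceeded WAN
icmp deny any WAN
!
! --- ICMP through the firewall ---
! Stateful ICMP inspection returns echo-replies for LAN pings through the
! WAN ACL without a blanket "permit icmp any any" on the outside.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! --- Management plane ---
! ASDM/HTTPS from one admin host rather than the whole LAN. 192.168.0.7 is
! assumed (it is the syslog host in the posted config); substitute the real
! admin workstation.
no http 192.168.0.0 255.255.255.0 LAN
http 192.168.0.7 255.255.255.255 LAN
```

After applying this, "show xlate" should list the two static translations for 192.168.0.60, and "packet-tracer input WAN tcp 203.0.113.10 1025 64.20.38.166 443" (203.0.113.10 being an arbitrary documentation-range source) should end with ALLOW and show the translation to 192.168.0.60; a packet-tracer to any other port on 64.20.38.166 should be dropped by the WAN_access_in ACL. Note that the static entries and the interface PAT can share 64.20.38.166 because the statics claim only ports 80 and 443 while PAT allocates from the dynamic range.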
Comment bodies on this page are available only to Experts Exchange members; the timestamps and IDs below are all the page shows.

04.22.2008 at 07:31PM PDT, ID: 21417361 (Expert Comment)
04.23.2008 at 04:59AM PDT, ID: 21419604 (Author Comment)
04.23.2008 at 04:43PM PDT, ID: 21426557 (Expert Comment)
04.23.2008 at 05:45PM PDT, ID: 21426819 (Author Comment)
04.23.2008 at 06:16PM PDT, ID: 21426932 (Author Comment)
04.23.2008 at 07:19PM PDT, ID: 21427304 (Expert Comment)
04.24.2008 at 05:57PM PDT, ID: 21436381 (Solution)

About this solution

Zones: Enterprise Firewalls, Network Software Firewalls, Networking Hardware Firewalls
Tags: Cisco, ASA 5510, 8.0.2
Solution Provided By: isol8
Participating Experts: 1
Solution Grade: A

04.24.2008 at 05:59PM PDT, ID: 21436386 (Author Comment)
04.24.2008 at 06:25PM PDT, ID: 21436482 (Assisted Solution)
04.25.2008 at 01:50PM PDT, ID: 21443112 (Author Comment)
04.25.2008 at 07:41PM PDT, ID: 21444293 (Expert Comment)
04.28.2008 at 03:52AM PDT, ID: 21452808 (Administrative Comment)