Solved

Cisco ASA ACL

Posted on 2011-03-16
4
739 Views
Last Modified: 2012-05-11
I have some "Internal" servers 192.x.x.x trying to telnet to a "DMZ" server 172.x.x.x on port 27000 and connection keeps failing. What access list rule via ASDM or CLI should I insert to get this working.
0
Comment
Question by:solarisjunkie
  • 3
4 Comments
 
LVL 1

Expert Comment

by:slamjam2000
ID: 35153687
!(Inside server)192.168.1.10 --> 172.20.1.20 (DMZ server)

!defining acl with interface

access-group DMZtoInside in interface DMZ
access-group InsidetoDMZ in interface inside


!example of static NAT

static (inside,DMZ) 172.20.1.5 192.168.2.20 netmask 255.255.255.255

!DMZ back to Inside server
access-list DMZtoInside permit tcp host 172.20.1.20 host 172.20.1.5 eq 27000

!inside server access to DMZ
access-list InsidetoDMZ permit tcp host 192.168.1.10 host 192.168.2.20 eq 27000
0
 
LVL 1

Accepted Solution

by:
slamjam2000 earned 500 total points
ID: 35153703
Oop... I missed something on my last post.. sorry...  here it is..

!Example Path: (Inside server)192.168.1.10 --> 172.20.1.20 (DMZ server)

!defining acl with interface
access-group DMZtoInside in interface DMZ
access-group InsidetoDMZ in interface inside


!example of static NAT

static (inside,DMZ) 172.20.1.5 192.168.1.10 netmask 255.255.255.255
static (DMZ,inside) 192.168.1.20 172.20.1.20 netmask 255.255.255.255


!inside server access to DMZ
access-list InsidetoDMZ permit tcp host 192.168.1.10 host 192.168.2.20 eq 27000

!DMZ back to Inside server
access-list DMZtoInside permit tcp host 172.20.1.20 host 172.20.1.5 eq 27000

0
 

Author Comment

by:solarisjunkie
ID: 35155422
If the internal servers are a subnet 192.x.x.0/24 how do I
adjust the ACL accordingly
0
 
LVL 1

Expert Comment

by:slamjam2000
ID: 35162256
You will need to adjust both the NAT and ACL to the /24 subnet for both DMZ and Inside.

0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question