Solved

Cisco ASA ACL

Posted on 2011-03-16
Medium Priority | 749 Views
Last Modified: 2012-05-11
I have some "Internal" servers 192.x.x.x trying to telnet to a "DMZ" server 172.x.x.x on port 27000 and the connection keeps failing. What access list rule via ASDM or CLI should I insert to get this working?
Question by:solarisjunkie
4 Comments
 
LVL 1

Expert Comment

by:slamjam2000
ID: 35153687
!(Inside server)192.168.1.10 --> 172.20.1.20 (DMZ server)

!defining acl with interface

access-group DMZtoInside in interface DMZ
access-group InsidetoDMZ in interface inside


!example of static NAT

static (inside,DMZ) 172.20.1.5 192.168.2.20 netmask 255.255.255.255

!DMZ back to Inside server
access-list DMZtoInside permit tcp host 172.20.1.20 host 172.20.1.5 eq 27000

!inside server access to DMZ
access-list InsidetoDMZ permit tcp host 192.168.1.10 host 192.168.2.20 eq 27000
 
LVL 1

Accepted Solution

by:
slamjam2000 earned 2000 total points
ID: 35153703
Oops... I missed something in my last post.. sorry... here it is..

!Example Path: (Inside server)192.168.1.10 --> 172.20.1.20 (DMZ server)

!defining acl with interface
!(once an access-group is applied, the interface's implicit deny drops anything the ACL does not permit)
access-group DMZtoInside in interface DMZ
access-group InsidetoDMZ in interface inside


!example of static NAT
!inside server 192.168.1.10 appears on the DMZ as 172.20.1.5
static (inside,DMZ) 172.20.1.5 192.168.1.10 netmask 255.255.255.255
!DMZ server 172.20.1.20 appears on the inside as 192.168.1.20
static (DMZ,inside) 192.168.1.20 172.20.1.20 netmask 255.255.255.255


!inside server access to DMZ
!destination is the DMZ server's mapped inside address from the static above (192.168.1.20)
access-list InsidetoDMZ permit tcp host 192.168.1.10 host 192.168.1.20 eq 27000

!DMZ back to Inside server
!destination is the inside server's mapped DMZ address from the static above (172.20.1.5)
access-list DMZtoInside permit tcp host 172.20.1.20 host 172.20.1.5 eq 27000

Author Comment

by:solarisjunkie
ID: 35155422
If the internal servers are a subnet 192.x.x.0/24, how do I adjust the ACL accordingly?
 
LVL 1

Expert Comment

by:slamjam2000
ID: 35162256
You will need to adjust both the NAT and ACL to the /24 subnet for both DMZ and Inside.

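As an added example that is not part of the thread or of slamjam2000's posts: the accepted answer's host-to-host NAT and ACL pair, rewritten for a whole /24 of inside servers in the same pre-8.3 "static" syntax the answer uses. The interface names "inside" and "DMZ", the subnets 192.168.1.0/24 and 172.20.1.20, and the mapped ranges 172.20.200.0/24 and 192.168.200.20 are assumed placeholders; the mapped ranges are deliberately chosen outside the real subnets so a mapped address never collides with a real host. On ASA 8.3 and later the NAT is written with object NAT instead, and ACLs then reference real (untranslated) addresses.

```cisco
! Added example, not from the thread. Assumed addressing:
!   inside servers 192.168.1.0/24  -->  DMZ server 172.20.1.20, TCP/27000
!   mapped ranges (placeholders): inside /24 seen from DMZ as 172.20.200.0/24,
!                                 DMZ server seen from inside as 192.168.200.20

! 1. NAT: one-to-one translation of the whole inside /24 (host part preserved), so
!    192.168.1.10 appears on the DMZ as 172.20.200.10, 192.168.1.11 as 172.20.200.11, ...
!    DMZ hosts need a route for 172.20.200.0/24 via the ASA's DMZ interface.
static (inside,DMZ) 172.20.200.0 192.168.1.0 netmask 255.255.255.0

! 2. NAT: the DMZ server keeps a single mapped address on the inside side.
!    Inside hosts need a route for 192.168.200.20 via the ASA's inside interface.
static (DMZ,inside) 192.168.200.20 172.20.1.20 netmask 255.255.255.255

! 3. ACL on inside: source is the real subnet, destination is the DMZ server's mapped
!    inside address, and only TCP/27000 rather than ip or a wider port range.
access-list InsidetoDMZ permit tcp 192.168.1.0 255.255.255.0 host 192.168.200.20 eq 27000
! An applied access-group ends in an implicit deny, so every other flow the inside still
! needs (for example to the outside) must be permitted explicitly in this ACL.
access-group InsidetoDMZ in interface inside

! 4. ACL on DMZ: only required if the DMZ server must initiate connections back to the
!    inside; replies to inside-initiated TCP sessions are allowed by the connection table.
access-list DMZtoInside permit tcp host 172.20.1.20 172.20.200.0 255.255.255.0 eq 27000
access-group DMZtoInside in interface DMZ

! 5. Verify without touching the servers: packet-tracer walks NAT and ACL for one flow
!    (destination is the address the inside host actually dials, i.e. the mapped one),
!    show xlate confirms the translations, and show access-list shows per-line hit counts.
packet-tracer input inside tcp 192.168.1.10 40000 192.168.200.20 27000
show xlate
show access-list InsidetoDMZ
```

The packet-tracer line is the check to run first when a flow "keeps failing": its output names the phase that dropped the packet (NAT lookup, ACL, or routing), which tells you whether the ACL is pointing at the wrong address or the NAT entry is missing.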