Andrea_
asked on
Cisco ASA Firewall settings
My environment has two separate domains, with a Cisco ASA 5520 acting as Firewall/router in between the 2 domains, and between them and the internet.
Domain A uses the "Inside" interface and has 3 domain controllers:
DCA1 192.168.1.1
DCA2 192.168.1.2
DCA3 192.168.1.3
Domain B uses the "Public" interface and has 2 domain controllers:
DCB1 192.168.2.1
DCB2 192.168.2.2
I need to set up domain trust between the domain controllers in the 2 domains.
Right now, all domain controllers on domain A can ping all DCs on domain B.
No domain controllers on domain B can ping any DCs on domain A.
What access rules do I need to configure on the ASA to allow DCB1 and DCB2 access to DCA1, DCA2 & DCA3, while blocking any other traffic from domain B to domain A?
I would appreciate some assistance, as right now all traffic from B to A is blocked and I cannot create the trust.
SOLUTION
ASKER
Can anyone help me? I really need to get these domain controllers talking to each other!
ASKER CERTIFIED SOLUTION
ASKER
I want to make sure I understand your directions.
Step 3: is that creating a static NAT, or is there another type of static network I should be configuring?
SOLUTION
ASKER
Thanks to all of you for your help.
My solution ended up being this:
In the ASDM console:
Configuration > Firewall > Public Servers
inside 192.168.1.1 ip public 192.168.1.1
inside 192.168.1.2 ip public 192.168.1.2
inside 192.168.1.3 ip public 192.168.1.3
That allowed my domain B servers to find my domain A servers, so that my access rules would work.
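The ASDM "Public Servers" entries above generate a static (identity) NAT plus an access rule for each domain A DC. As an added example, not from this thread or from Cisco, here is the equivalent ASA 8.3+ CLI configuration, extended so that only DCB1 and DCB2 can reach DCA1 to DCA3 and all other domain B to domain A traffic is denied and logged. The interface names "inside" and "public", the object names, and the final internet permit line are assumptions.

```cisco
! Added example (not the asker's or Cisco's config). Assumes ASA 8.3+ object NAT
! syntax and interfaces named "inside" (domain A) and "public" (domain B).
!
! Domain A domain controllers, published to the public interface with identity NAT
! (same address on both sides, matching the ASDM Public Servers entries above)
object network DCA1
 host 192.168.1.1
 nat (inside,public) static 192.168.1.1
object network DCA2
 host 192.168.1.2
 nat (inside,public) static 192.168.1.2
object network DCA3
 host 192.168.1.3
 nat (inside,public) static 192.168.1.3
!
! Domain B domain controllers
object network DCB1
 host 192.168.2.1
object network DCB2
 host 192.168.2.2
!
object-group network DOMAIN_A_DCS
 network-object object DCA1
 network-object object DCA2
 network-object object DCA3
object-group network DOMAIN_B_DCS
 network-object object DCB1
 network-object object DCB2
!
! Inbound rule on the public interface: only DCB1/DCB2 may talk to DCA1-3.
! Every other packet from the domain B subnet toward domain A is denied and logged.
access-list PUBLIC_IN extended permit ip object-group DOMAIN_B_DCS object-group DOMAIN_A_DCS
access-list PUBLIC_IN extended deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 log
! Assumption: domain B hosts still need to reach the internet. The ACL ends with an
! implicit deny, so this explicit permit is required for that remaining traffic.
access-list PUBLIC_IN extended permit ip 192.168.2.0 255.255.255.0 any
access-group PUBLIC_IN in interface public
!
! Check from the ASA CLI that a DCB1 -> DCA1 flow is permitted and translated,
! and that a non-DC host on domain B is dropped by the deny line:
!   packet-tracer input public tcp 192.168.2.1 1025 192.168.1.1 445
!   packet-tracer input public tcp 192.168.2.50 1025 192.168.1.1 445
```

Tighten the permit line to the Active Directory trust ports (DNS, Kerberos, LDAP, SMB, RPC) once the trust is working if you want less than full IP access between the DCs; on the ASDM side the same rules appear under Configuration > Firewall > Access Rules.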
ASKER
Both of those interfaces are on the inside.
The ASA actually has 5 interfaces configured (1 outside, 4 inside):
*** Outside (198.111.167.xxx)
Inside (192.168.255.1)
Public (192.168.2.1)
Publicwlan (192.168.4.1)
Management (192.168.1.1)
Am I correct that the rules would be different since these interfaces are both internal?