ICMP through ASA

Unanswered Question
Mar 19th, 2008

Hi,

I need help in understanding if ICMP works with PAT.

1. I have network 192.168.2.0 configured on the inside interface, which will act as DHCP server to allocate IPs.

2. I have network 10.x.x.x on the outside interface.

3. The FTP/TFTP server (10.x.x.145) is located in the outside network.

4. Inside users should be able to do only ftp/tftp to the ftp/tftp server.

5. The inside network should be patted using the outside interface.

6. ICMP should be allowed so that inside hosts are able to ping the ftp servers.

Let me know what access-list has to be applied to allow ftp, tftp and icmp, and on which interface.

wasiimcisco Wed, 03/19/2008 - 08:24

access-list prv_outside extended permit icmp host 10.0.0.145 192.168.2.0 255.255.255.0 echo-reply

access-list prv_outside extended permit tcp host 10.0.0.145 192.168.2.0 255.255.255.0 eq ftp

access-list prv_outside extended permit tcp host 10.0.0.145 192.168.2.0 255.255.255.0 eq ftp-data

access-list prv_outside extended permit udp host 10.0.0.145 192.168.2.0 255.255.255.0 eq 69

access-list prv_inside extended permit icmp 192.168.2.0 255.255.255.0 host 10.0.0.145 echo

access-list prv_inside extended permit tcp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq ftp

access-list prv_inside extended permit tcp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq ftp-data

access-list prv_inside extended permit udp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq 69

access-list prv_inside extended permit ip 192.168.2.0 255.255.255.0 any

access-group prv_outside in interface outside

access-group prv_inside in interface inside

static (inside,outside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

nat (inside) 1 192.168.2.0 255.255.255.0

global (outside) 1 interface

Try it out and let me know.
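
An added example, not part of the original reply or of any Cisco tooling: a Python check that compares inside-interface ACL entries against requirement 4 of the question (only ftp/tftp, plus ICMP echo, to the server). The sample ACL is constructed, modelled on the prv_inside list, and the names `ALLOWED`, `SERVER` and `audit` are hypothetical.

```python
import ipaddress

# Policy taken from the question: inside hosts may reach only the FTP/TFTP
# server, using FTP, TFTP and ICMP echo. Entries are (protocol, service).
SERVER = ipaddress.ip_network("10.0.0.145/32")
ALLOWED = {("tcp", "ftp"), ("tcp", "ftp-data"),
           ("udp", "tftp"), ("udp", "69"), ("icmp", "echo")}

# Constructed sample, modelled on the prv_inside list in the reply above.
SAMPLE_ACL = """\
access-list prv_inside extended permit icmp 192.168.2.0 255.255.255.0 host 10.0.0.145 echo
access-list prv_inside extended permit tcp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq ftp
access-list prv_inside extended permit udp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq tftp
access-list prv_inside extended permit ip 192.168.2.0 255.255.255.0 any
"""

def _addr(tokens):
    """Consume one ASA address spec; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def audit(acl_text):
    """Return (entry_no, reason) for each permit entry wider than the policy."""
    findings = []
    for no, line in enumerate(acl_text.splitlines(), 1):
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[3] != "permit":
            continue
        proto, rest = t[4], t[5:]
        _src, rest = _addr(rest)
        dst, rest = _addr(rest)
        service = rest[-1] if rest else None  # "eq ftp" -> ftp, "echo" -> echo
        if not dst.subnet_of(SERVER):
            findings.append((no, f"destination {dst} is wider than the server"))
        elif (proto, service) not in ALLOWED:
            findings.append((no, f"{proto}/{service} is not in the allowed services"))
    return findings

if __name__ == "__main__":
    for no, reason in audit(SAMPLE_ACL):
        print(f"entry {no}: {reason}")
```

On the sample only the last entry is reported: `permit ip 192.168.2.0 255.255.255.0 any` admits traffic to every outside destination, so the specific entries above it no longer restrict anything.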
