ASA 5505 config issues

andyleggett · ‎10-28-2008

Hi I've been battling with my new ASA 5505 and set it up based on the Cisco configuration example. It's a basic Internal network setup. I can get out onto the Internet fine but the setup will not allow anyone in via the NAT and access rules. Can anyone tell me what am I doing wrong? Thanks in advance.

Mo'ath Al Rawashdeh · ‎10-28-2008

Hi Andy,

Yes, there's something wrong. When you apply any access rules on the outside interface, you need to use the public IP addresses rather than the 192.168.0.3 range.

The access list should look like the one below:

access-list outside_access_in extended permit udp any host x.x.x.129 eq domain

access-list outside_access_in extended permit tcp any host x.x.x.129 eq https

access-list outside_access_in extended permit udp any host x.x.x.130 eq domain

access-list outside_access_in extended permit tcp any host x.x.x.129 eq smtp

access-list outside_access_in extended permit tcp any host x.x.x.130 eq www

access-list outside_access_in extended permit tcp any host x.x.x.131 eq www

Please rate if this solves it out.

Cheers,

andyleggett · ‎11-28-2008

Hi

Thanks for the advice. This seems to have partially worked. Looking at the logging info it seems to be letting udp traffice through but not http traffic.

Any ideas?