Cannot ping from outside to inside in ASA transparent mode

bram twejaputra
Level 1

Hi all,

I have a little problem with my ASA: a host connected to the outside interface cannot connect to a host connected to the inside interface. My ASA is currently running in transparent mode, and the following is its configuration. For your information, my ASA is a 5510 running version 9.1.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2016.12.03 15:44:23 =~=~=~=~=~=~=~=~=~=~=~=
sh run
: Saved
:
: Serial Number: JMX1523L00X
: Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
:
ASA Version 9.1(7)4
!
firewall transparent
hostname ASAFW-TEDC-WAN
enable password DjGOaLXBWWiqnfoU encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd DjGOaLXBWWiqnfoU encrypted
names
!
interface Ethernet0/0
description To WAN
channel-group 1 mode active
no nameif
bridge-group 1
no security-level
!
interface Ethernet0/1
description To LAN
channel-group 1 mode active
no nameif
bridge-group 1
no security-level
!
interface Ethernet0/2
nameif Outside
bridge-group 1
security-level 100
!
interface Ethernet0/3
shutdown
no nameif
no security-level
!
interface Management0/0
management-only
nameif Management
security-level 100
ip address 10.10.10.10 255.255.255.0
!
interface BVI1
ip address 10.1.1.76 255.255.255.0
!
interface Port-channel1
nameif Inside
bridge-group 1
security-level 100
!
boot system disk0:/asa917-4-k8.bin
ftp mode passive
clock timezone JAVT 7
dns server-group DefaultDNS
same-security-traffic permit inter-interface
object network networkDC
subnet 10.0.0.0 255.224.0.0
object service 995
service tcp destination eq 995
object service 993
service tcp destination eq 993
object service All-UDP-Port
service udp source range 0 65535 destination range 0 65535
object service All-TCP-ort
service tcp source range 1 65535 destination range 1 65535
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_5
protocol-object ip
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object udp
service-object tcp
service-object tcp destination eq ssh
service-object icmp
service-object tcp-udp destination eq www
service-object tcp destination eq www
service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_2
service-object ip
service-object udp
service-object tcp
service-object tcp destination eq ssh
service-object icmp
service-object tcp destination eq www
service-object tcp destination eq https
object-group protocol all-protocol
protocol-object ip
protocol-object icmp
protocol-object pim
protocol-object pcp
protocol-object snp
protocol-object udp
protocol-object icmp6
protocol-object tcp
object-group service Exchange
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object udp destination eq www
service-object object 995
service-object object 993
service-object object All-TCP-ort
service-object object All-UDP-Port
object-group service DM_INLINE_SERVICE_3
service-object ip
service-object udp
service-object tcp
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq imap4
group-object Exchange
service-object object 995
service-object object 993
service-object object All-TCP-ort
service-object icmp
service-object object All-UDP-Port
object-group service DM_INLINE_SERVICE_4
service-object ip
service-object udp
service-object tcp
group-object Exchange
service-object object All-TCP-ort
service-object icmp
service-object object All-UDP-Port
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any4 any4 log debugging
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list inside2_access_in extended permit object-group DM_INLINE_PROTOCOL_3 any any
access-list Inside_access_in extended permit object-group DM_INLINE_SERVICE_1 any4 any4 log debugging
access-list Out_access_in extended permit object-group DM_INLINE_PROTOCOL_5 any any
access-list Inside_access_in_1 extended permit object-group DM_INLINE_SERVICE_4 object networkDC object networkDC
access-list Outside_access_in_1 extended permit object-group DM_INLINE_SERVICE_3 object networkDC object networkDC
pager lines 24
logging enable
logging asdm informational
mtu Outside 1500
mtu Inside 1500
mtu Management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-762.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
access-group Outside_access_in_1 in interface Outside
access-group Inside_access_in_1 in interface Inside
route Management 0.0.0.0 0.0.0.0 10.10.10.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.0.0.0 255.224.0.0 Management
http 10.0.0.0 255.224.0.0 Inside
snmp-server location Data Center
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
subject-name CN=ASAFW-TEDC-WAN
crl configure
crypto ca trustpool policy
telnet 10.0.0.0 255.224.0.0 Inside
telnet 10.0.0.0 255.224.0.0 Management
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 10.0.0.0 255.224.0.0
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.1.1.224
ntp server 10.1.1.223 prefer
username admin password HYhpgmu2.vsBnHXI encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect http
inspect icmp
class class-default
user-statistics accounting
!
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:385c105db357156da367b766b0632496
: end
ASAFW-TEDC-WAN(config)#  

1 Reply

nspasov
Cisco Employee

Hello Bram-

Looking at your ACLs, I don't see where you are allowing ICMP traffic to flow from outside to inside. You have to specifically permit that traffic since it is flowing from a lower security interface (outside) to a higher security interface (inside).

Also, have you tried packet-tracer? If you are not aware of that feature, you can check this thread:

https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer

I hope this helps!

Thank you for rating helpful posts!
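One way to do the ACL check the reply describes offline, as an added example that is not from this thread or from Cisco's own tooling: a small Python model of the object networkDC and of the single ACL actually bound to the Outside interface (Outside_access_in_1 via DM_INLINE_SERVICE_3), evaluated first-match the way the ASA does. The sample host addresses are constructed, since the thread does not give the real ones; packet-tracer on the box remains the authoritative check.

```python
import ipaddress

# Subset of the posted config transcribed as data. "networkDC" is
# 10.0.0.0 255.224.0.0, i.e. 10.0.0.0/11 (10.0.0.0 - 10.31.255.255).
OBJECTS = {"networkDC": ipaddress.ip_network("10.0.0.0/11")}

# The ACL bound by "access-group Outside_access_in_1 in interface Outside".
# DM_INLINE_SERVICE_3 is flattened to the protocols it carries; it contains
# "service-object ip", which matches every protocol, plus icmp explicitly.
# The other ACLs in the config (Outside_access_in, Inside_access_in, ...)
# are defined but not bound to any interface, so they never take effect.
ACL_OUTSIDE = [
    {"action": "permit", "protocols": {"ip", "udp", "tcp", "icmp"},
     "src": "networkDC", "dst": "networkDC"},
]


def _in_object(net_name, addr):
    return ipaddress.ip_address(addr) in OBJECTS[net_name]


def acl_verdict(acl, proto, src, dst):
    """First-match evaluation like the ASA: return the action of the first
    matching ACE, or the implicit deny that ends every ASA ACL."""
    for ace in acl:
        proto_ok = "ip" in ace["protocols"] or proto in ace["protocols"]
        if proto_ok and _in_object(ace["src"], src) and _in_object(ace["dst"], dst):
            return ace["action"]
    return "deny (implicit)"


def ping_check(src, dst):
    """Would an ICMP echo arriving on Outside from src toward dst pass the
    inbound ACL? The echo reply rides the stateful connection created by
    'inspect icmp' in global_policy, so only this inbound ACE is evaluated."""
    return acl_verdict(ACL_OUTSIDE, "icmp", src, dst)


if __name__ == "__main__":
    # Constructed sample hosts: one inside networkDC, one outside it.
    for src in ("10.20.0.5", "192.0.2.10"):
        print(f"icmp {src} -> 10.1.1.50: {ping_check(src, '10.1.1.50')}")
```

The model shows that the bound ACE does carry icmp, but only between addresses inside networkDC; an outside host that is not in 10.0.0.0/11 hits the implicit deny for every protocol, so the result depends on the actual host addresses.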