10-28-2008 02:06 AM - edited 03-11-2019 07:03 AM
Hi, I've been battling with my new ASA 5505 and set it up based on the Cisco configuration example. It's a basic internal network setup. I can get out onto the Internet fine, but the setup will not allow anyone in via the NAT and access rules. Can anyone tell me what I am doing wrong? Thanks in advance.
10-28-2008 02:29 AM
Hi Andy,
Yes, there's something wrong. When you apply any access rules on the outside interface, you need to use the public IP addresses rather than the 192.168.0.3 range.
The access list should look like the one below:
access-list outside_access_in extended permit udp any host x.x.x.129 eq domain
access-list outside_access_in extended permit tcp any host x.x.x.129 eq https
access-list outside_access_in extended permit udp any host x.x.x.130 eq domain
access-list outside_access_in extended permit tcp any host x.x.x.129 eq smtp
access-list outside_access_in extended permit tcp any host x.x.x.130 eq www
access-list outside_access_in extended permit tcp any host x.x.x.131 eq www
Please rate if this solves it.
Cheers,
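As an added example (not part of the original post, and not Cisco's code), the check described in the reply above can be automated: the Python sketch below finds entries in ACLs applied inbound on the outside interface whose destination is still an RFC 1918 address. It assumes the ASA software of that period, where outside ACLs match the translated address as the reply states; the function names and the sample configuration are constructed for illustration.

```python
import ipaddress

# Constructed sample (not the poster's config); 203.0.113.0/24 is a documentation range.
SAMPLE_CONFIG = """\
access-list outside_access_in extended permit tcp any host 192.168.0.3 eq www
access-list outside_access_in extended permit tcp any host 203.0.113.129 eq smtp
access-list outside_access_in extended permit udp any eq 53 host 203.0.113.130 eq domain
access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 any
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PORT_OPS = {"eq": 2, "neq": 2, "lt": 2, "gt": 2, "range": 3}  # tokens used by a port clause

def parse_addr(tokens, i):
    """Parse 'any', 'host A' or 'A MASK' at tokens[i]; return (network or None, next index)."""
    if tokens[i] == "any":
        return None, i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2

def private_destinations(config, interface="outside"):
    """Return (acl, destination, line) for entries of ACLs applied inbound on
    `interface` whose destination is an RFC 1918 address."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    bound = set()
    for l in lines:
        t = l.split()
        if t[0] == "access-group" and len(t) == 5 and t[2] == "in" and t[4] == interface:
            bound.add(t[1])
    findings = []
    for l in lines:
        t = l.split()
        if t[0] != "access-list" or len(t) < 7 or t[2] != "extended" or t[1] not in bound:
            continue
        _, i = parse_addr(t, 5)        # t[3] = action, t[4] = protocol, source starts at t[5]
        if i < len(t):
            i += PORT_OPS.get(t[i], 0)  # skip an optional source-port clause
        if i >= len(t):
            continue                    # malformed entry: no destination present
        dest, _ = parse_addr(t, i)
        if dest is not None and any(dest.subnet_of(n) for n in RFC1918):
            findings.append((t[1], str(dest), l))
    return findings

if __name__ == "__main__":
    for acl, dest, line in private_destinations(SAMPLE_CONFIG):
        print(f"{acl}: destination {dest} is private; use the translated public address\n  {line}")
```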
11-28-2008 03:22 AM
Hi
Thanks for the advice. This seems to have partially worked. Looking at the logging info, it seems to be letting UDP traffic through but not HTTP traffic.
Any ideas?