I'm having some problems getting my ASA5505 running like I want it to. To be clear, this is my first ever Cisco firewall. My experience is with Juniper and WatchGuard.
The DMZ is just for future use. For now the email server runs in the internal network here at home.
I want the email server to be published on the SMTP and HTTPS ports.
I used ASDM to configure my device, but there are some strange things going on here and I have no idea why.
The publishing seems to work, because I can access the server from the outside world, but the ASA sometimes, not all the time but sometimes, starts blocking internal network traffic! How is that even possible, since it should not even be routed through the gateway?
The problem can be DNS, MS Remote Desktop, the Exchange server connection, file sharing. So I messed up something really badly here.
Some help needed here.
The configuration is as follows:
ASA Version 7.2(4)
!
! The interface stanza headers were lost in the paste; the three "ip address" lines are
! the three VLAN interfaces (inferred from the layout described above: inside, outside, DMZ).
ip address 10.10.10.1 255.255.255.128
ospf cost 10
!
ip address X.X.X.X 255.255.255.X
ospf cost 10
!
! "no forward interface Vlan1" marks this as the restricted third VLAN of a base-licence 5505
no forward interface Vlan1
ip address 192.168.10.1 255.255.255.128
ospf cost 10
!
! Switch ports assigned to the outside and DMZ VLANs (port names lost in the paste)
switchport access vlan 2
switchport access vlan 3
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
!
object-group service DM_INLINE_TCP_1 tcp
port-object eq https
port-object eq smtp
!
! Note that the ACL references the inside host name "mail", not the public X.X.X.35 address
access-list outside_access_in extended permit tcp any host mail object-group DM_INLINE_TCP_1
The config is from ASDM, and I'm guessing there is a lot wrong there. So instead of looking at that, what I need is the following.
Interfaces Outside, Inside and DMZ.
ASA to NAT everything outgoing.
I have five static IPs, and one of them is for the ASA's SSL VPN (.34), one for the mail server (.35).
The mail server is in the internal network, not the DMZ, because it's a Domain Controller as well. So I need ports 443 (https) and 25 (smtp) redirected to the inside when coming to the outside IP X.X.X.35.
I'm guessing from your "What are you trying to achieve here" lines that I should dump the config and start over. And also, since that is ASDM-generated source, I might be better off doing this through the CLI so I get the hang of it.
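Since the follow-up asks for a CLI starting point, here is one for the layout described above (outside/inside/DMZ on a 5505, PAT for everything outbound, only TCP 25 and 443 on X.X.X.35 forwarded to an inside host). This is an added example, not configuration from the thread. It uses ASA 7.2 (pre-8.3) NAT syntax, and on that release an inbound ACL on the outside interface is evaluated against the mapped (public) address, so the ACL permits X.X.X.35 rather than the inside name used in the posted ACL. Assumed values, not given on the page: the outside interface sits on X.X.X.34 (the address the SSL VPN listens on) in a /29 whose provider gateway is X.X.X.33, the mail server's inside address is 10.10.10.10, and the DMZ switch port is Ethernet0/7. Replace these with the real values; the inside and DMZ subnets are the ones from the posted config.

```cisco
! Added example for an ASA 5505 running 7.2(4); assumed addresses are marked below.
names
name 10.10.10.10 mail
! (assumed inside address of the mail server / domain controller)
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.128
!
interface Vlan2
 nameif outside
 security-level 0
 ip address X.X.X.34 255.255.255.248
! (assumed: outside address .34, provider block is a /29)
!
! Base-licence 5505: the third VLAN must be restricted with "no forward interface"
! before it gets a nameif; DMZ hosts can then reach outside but cannot initiate to inside.
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.10.1 255.255.255.128
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/7
 switchport access vlan 3
! (assumed: which physical port carries the DMZ VLAN)
!
! Default route to the provider gateway (assumed .33)
route outside 0.0.0.0 0.0.0.0 X.X.X.33 1
!
! Dynamic PAT: everything leaving inside or dmz is translated to the outside interface address
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
!
! Port-level static NAT: only TCP 25 and 443 on X.X.X.35 are mapped to the mail server,
! so nothing else on that host is reachable from outside.
static (inside,outside) tcp X.X.X.35 smtp mail smtp netmask 255.255.255.255
static (inside,outside) tcp X.X.X.35 https mail https netmask 255.255.255.255
!
! Pre-8.3: inbound ACLs match the mapped (public) address, so permit X.X.X.35, not "mail"
access-list outside_access_in extended permit tcp any host X.X.X.35 eq smtp
access-list outside_access_in extended permit tcp any host X.X.X.35 eq https
access-group outside_access_in in interface outside
```

After applying it, `show xlate` should list the two static translations for X.X.X.35, and `packet-tracer input outside tcp 198.51.100.1 12345 X.X.X.35 25` (packet-tracer exists from 7.2 onward) walks the ACL, NAT and route lookup and shows whether an inbound SMTP packet would be allowed and where it would be dropped if not. Keeping the static entries port-specific rather than a one-to-one static for the whole host matters here because the published machine is also a domain controller.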