Cisco Support Community

Need help in configuring ASA 5550 as a router with firewall allowing only port 80 and 443

Dear all,

Please refer to the attached diagram.

We have MPLS users (remote offices) and LAN users (local office) accessing the internet via an ASA 5520. Also, at present these users access some applications located at the DC via the same internet.

Now our management has decided to send all the traffic meant for our public server (101.100.X.X) via a new leased line directly connecting to the DC.

The new 4 MB line is up now. We had an ASA 5550 unused, so we thought of using this firewall to terminate this new link.

This firewall was used before as an internet gateway, and it had a few configurations in it; I removed a few (like NATing and all).

Now I have configured the outside interface and given a route for 101.100.X.X to the DC, which works fine. I am able to ping from my ASA to the 101.100.X.X server over this new link connected to the ASA5550. I have configured the ASA 5550 LAN interface with the 172.16.0.4/24 address, which is in the same LAN pool as our existing internet gateway ASA5520 LAN interface IP 172.16.0.22/24.

Now, in order to send traffic meant for 101.100.X.X via the new PTP link, we tried 2 ways.

1) Give a route in 7206 pointing all 101.100.X.X to 172.16.0.4 (ASA5550) or

2) Give a route in 7206 pointing all 101.100.X.X to 172.16.0.4 (ASA5550)

But it didn't work. I am able to ping 172.16.0.4 from the 7206 as well as from the ASA5520. Also, from the new ASA 5550 we are able to ping the 101.100.X.X IPs.

Now I suspect a problem in the ASA 5550 firewall acting as a firewall router, which is not allowing traffic to pass through it.

I am new to firewalls; I am from a router and switch background. Can anyone please help me in this case?

I just need to use this ASA 5550 as a plain router which will forward all traffic meant for 101.100.X.X to the other side via the leased line.

After that I need to allow only ports 80, 443, 8080. No NAT, ACL and so on is required, and it is not configured either.

It would be great if you could help me by sending a step-by-step procedure to delete all existing configuration in the ASA 5550 and start a clean configuration which will make this firewall act as a plain router. (Enabling ASDM configuration will help.)

Thanks,

Raghavendra
