I am practising Firewall on GNS3. I have natted DMZ server to Outside IP. I have written an access-list saying permit any source from outside network can telnet a host on DMZ. When I do packet trace from ASDM it works perfectly, even hits access-list. But when I try to telnet host it fails. Rather it never hits access-list in that case. What could be the reason?
If so there is a multitude of things that could be happening. When you say you have natted the server to the outside IP, are you using PAT natting to only port 23? Have you opened only for telnet in the ACL on the outside interface? Are you sure that your device on the outside interface is sending on port 23? Have you verified that the traffic is actually being NATed?
Another possibility is that this could be a virtualization issue and that deleting the ASA from GNS3 and recreating it will solve the issue.
Would be useful to see a network diagram and the running config if you still need help.
Please remember to rate and select a correct answer
You can send the packet-tracer output to check the results using CLI; the show run nat output and the ACL used on the outside are useful as well. Now, what is the software version used in the ASA? If you use below 8.3, the ACL should use your outside IP address from the outside; now if you use 8.3 or later, the ACL should use the 'real IP' of the server.
If everything looks fine maybe there is a virtualization issue....
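The version difference described in the reply above, shown side by side as an added example that is not part of the original thread. The interface names, the ACL name OUTSIDE_IN, the object name DMZ-SERVER and all addresses (documentation ranges) are constructed for illustration.

```cisco
! Constructed example: real (DMZ) server IP 192.0.2.10,
! mapped (outside) IP 203.0.113.10. All names and addresses are assumptions.

! --- ASA software below 8.3 ---
! Static NAT uses the legacy "static" command, and the outside ACL
! matches the MAPPED (outside) address.
static (dmz,outside) 203.0.113.10 192.0.2.10 netmask 255.255.255.255
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq telnet
access-group OUTSIDE_IN in interface outside

! --- ASA software 8.3 or later ---
! Static NAT is defined under a network object, and the outside ACL
! matches the REAL address of the server.
object network DMZ-SERVER
 host 192.0.2.10
 nat (dmz,outside) static 203.0.113.10
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq telnet
access-group OUTSIDE_IN in interface outside

! --- Checks after a real telnet attempt from the outside ---
! Confirm the translation exists and is being used.
show run nat
show nat detail
show xlate
! Confirm the ACL entry hit count increases.
show access-list OUTSIDE_IN
! Simulate the same flow from the CLI. The destination here is the mapped
! address, because that is what the packet carries when it arrives on the
! outside interface. 198.51.100.5 is a constructed outside client.
packet-tracer input outside tcp 198.51.100.5 12345 203.0.113.10 23
```

If packet-tracer passes but the hit count in `show access-list` does not move during a live attempt, the packets are not reaching the outside interface at all, which points at the path or the simulated hosts rather than the ACL or NAT.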
I guess it was a problem with simulation. I used servers instead of routers. Now it is working. And yes, I was using real IP address in ACLs and translated IP to check them. Well, thanks for concern. As of now everything is working fine.