I am rather new to setting up firewalls. I have an ASA 5510 that I am setting up currently to block all non-web traffic on our firewall except from our office.
I have configured the interfaces but when I run "show route" it only shows the inside route. I have been unable to get any data to pass through the firewall even when I had set the access list to allow all traffic from all sources. There is a small 8-address network on the outside interface connecting to our hosting company. Inside is a public class C. All addresses are valid public IPs.
Relevant excerpts from my current config:
ip address x.x.226.170 255.255.255.248
ip address x.x.255.2 255.255.255.0
access-list outside_access_in extended permit ip host x.x.14.30 any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any any eq www
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.226.168 1
When I run the "show route" command all I get is:
C x.x.255.0 255.255.255.0 is directly connected, inside
There is no mention of the default route or the network connected to the outside interface.
It's actually disconnected right now. When we had connected it before we could ping it from the hosting company's router. Unfortunately the website is already live so I could not leave the outside interface connected after I failed to configure the firewall properly. Will the route not show when it's disconnected?
Thank you. That makes sense. As for why I couldn't get data to pass thru before I wanted to check and make sure my settings are right.
My outside route should point to the gateway of the hosting company's router correct?
Above I have listed my access list. Is this correct for allowing all www traffic thru? It seemed before that the website traffic was going out to in but not the other way. Do I need to create an access group for the inside interface to allow users to access our site properly?
It feels like I'm making this setup harder than it should be for a simple flat network but I just can't get it to work.
I am hosting a public website at an off-site colocation facility. We do have those addresses assigned and the website is running and accessible right now. I just have the uplink plugged into the backbone switch rather than the firewall right now.
Previously I had the outside route directed to the IP of the outside interface like I had seen in several examples. I am guessing that's what was causing my problems.
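An added example, not part of the original posts: a small offline check that a `route` next hop is a usable host on the named interface's subnet, flagging the case described above (next hop set to the firewall's own address) and the case in the posted excerpt, where a 255.255.255.248 mask on .170 makes .168 the network address. The documentation prefixes standing in for the masked x.x octets, the `interface`/`nameif` lines and the function names are assumptions made for this example.

```python
import ipaddress

# Constructed sample: the page masks the first two octets as x.x, so
# documentation prefixes (RFC 5737) stand in for them here.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 198.51.100.170 255.255.255.248
interface Ethernet0/1
 nameif inside
 ip address 203.0.113.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 198.51.100.168 1
"""

def parse_interfaces(config):
    """Map nameif -> ip_interface from 'nameif' / 'ip address' lines."""
    interfaces, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["nameif"] and len(words) == 2:
            name = words[1]
        elif words[:2] == ["ip", "address"] and len(words) >= 4 and name:
            interfaces[name] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            name = None
    return interfaces

def check_routes(config):
    """Return (route line, problem) pairs for unusable next hops."""
    interfaces = parse_interfaces(config)
    problems = []
    for line in config.splitlines():
        words = line.split()
        if words[:1] != ["route"] or len(words) < 5:
            continue
        ifname, gateway = words[1], ipaddress.ip_address(words[4])
        iface = interfaces.get(ifname)
        if iface is None:
            problems.append((line, f"no address configured on '{ifname}'"))
        elif gateway not in iface.network:
            problems.append((line, f"next hop is outside {iface.network}"))
        elif gateway == iface.ip:
            problems.append((line, "next hop is the firewall's own address"))
        elif gateway in (iface.network.network_address, iface.network.broadcast_address):
            problems.append((line, "next hop is the network or broadcast address"))
    return problems

if __name__ == "__main__":
    for line, problem in check_routes(SAMPLE_CONFIG):
        print(f"{line!r}: {problem}")
```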
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...