Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
398
Views
0
Helpful
1
Replies

HI friends i am facing issue regarding the hosting of an application on the firewall .

mohammed abdul naveed
Level 1
Level 1

‎11-10-2013 05:48 AM - edited ‎03-07-2019 04:31 PM

Dear friends i configure public ip on firewall interface ,and i have one more public ip for hosting of the sqp application publicly,so please how can i do this can any one let me know configuration is below.

THE BELOW ARE THE IP ADD FOR THE SERVER HOSTING ,AND CONFIGURATION OF THE FIREWALL AND ROUTER FOLLLOW BELOW.

PC IP : 72.93.232.66

Subnet Mask: 255.255.255.252

Gate Way ( Router IP ) : 72.93.232.65

Domain Name : www.hrmstadrees.com

Server Local IP for Application: http://10.10.10.4/MenaITech/Mename/

ASA-CONFIG

:

ASA Version 8.2(5)

!

domain-name RAQ.com

enable password lpW.MGeEHg0ISQZq encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

description Connected to TAD-Router G0/1

nameif outside

security-level 0

ip address 72.93.19.174 255.255.255.252

!

interface Ethernet0/1

description Connected to Cisco SMB Switch G1

nameif inside

security-level 100

ip address 10.15.1.1 255.255.255.248

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

no ip address

management-only

!

banner login ********  RAQ FIREWALL ********

ftp mode passive

dns domain-lookup outside

dns server-group DefaultDNS

name-server 8.8.8.8

name-server 84.22.224.11

name-server 84.22.224.12

domain-name tadrees.com

access-list split-tunnel standard permit 10.10.0.0 255.255.0.0

access-list nonat extended permit ip 10.1.1.0 255.255.255.0 10.10.0.0 255.255.0.0

access-list nonat extended permit ip 10.10.0.0 255.255.0.0 10.1.1.0 255.255.255.0

access-list Mename-Access extended permit tcp any host 72.93.19.174 eq www

pager lines 24

logging enable

logging buffered debugging

logging asdm debugging

mtu outside 1500

mtu inside 1500

mtu management 1500

ip local pool sslvpnpool 10.1.1.1-10.1.1.254 mask 255.255.255.0

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-702.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp interface www 10.10.10.4 www netmask 255.255.255.255

access-group Mename-Access in interface outside

!

router rip

network 10.0.0.0

version 2

!

route outside 0.0.0.0 0.0.0.0 72.93.19.173 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa-server TAD-AD protocol nt

aaa-server TAD-AD (inside) host 10.10.10.1

aaa authentication ssh console LOCAL

http server enable 444

http 192.168.1.0 255.255.255.0 management

http 0.0.0.0 0.0.0.0 outside

http 0.0.0.0 0.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet 0.0.0.0 0.0.0.0 inside

telnet timeout 2

ssh 0.0.0.0 0.0.0.0 outside

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 20

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

enable outside

no anyconnect-essentials

svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1

svc enable

tunnel-group-list enable

internal-password enable

group-policy sslvpn internal

group-policy sslvpn attributes

wins-server none

dns-server none

vpn-tunnel-protocol svc webvpn

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split-tunnel

default-domain value tadrees.com

group-policy DfltGrpPolicy attributes

webvpn

  svc ask enable default webvpn timeout 30

username admin password s8Vngsgpp8NmOJP7 encrypted privilege 15

username cisco password HWFflA1bzYiq7Uut encrypted privilege 15

tunnel-group TAD-SSLV type remote-access

tunnel-group TAD-SSLV general-attributes

address-pool sslvpnpool

authentication-server-group TAD-AD LOCAL

default-group-policy sslvpn

tunnel-group TAD-SSLV webvpn-attributes

group-alias ssl enable

group-url https://72.93.19.174/ssl enable

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  inspect ip-options

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:c23556bcb54d60cbd598593f6429d106

: end

ROUTER CONFIGURATION

RAQ-Router#sho run

Building configuration...

Current configuration : 5623 bytes

!

! Last configuration change at 13:59:42 UTC Sat Sep 21 2013 by cisco

! NVRAM config last updated at 13:44:13 UTC Sat Sep 21 2013 by cisco

! NVRAM config last updated at 13:44:13 UTC Sat Sep 21 2013 by cisco

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname TAD-Router

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY

!

no aaa new-model

!

no ipv6 cef

ip source-route

no ip cef

!

!

!

!

!

ip domain name yourdomain.com

ip name-server 8.8.8.8

multilink bundle-name authenticated

!

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1513054491

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1513054491

revocation-check none

rsakeypair TP-self-signed-1513054491

!

!

crypto pki certificate chain TP-self-signed-1513054491

certificate self-signed 01

  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 31353133 30353434 3931301E 170D3132 30393236 31363239

  33385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35313330

  35343439 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100AADE 6F39CF31 6832A80B DBCC6E4D 82AA4F8A B71E7118 50B53E0E FD94E7E9

  A6557FD6 30A099C0 D44E36BA 92CBE1EB 1C2789B6 A1260D38 B24637A5 255F18D7

  0B6F2B70 44CF0583 DADB7687 E4102B24 4FA18CDA 36A7CA2A 96F78C1C B92214D8

  087DC6D5 240F7449 DBC4AD01 17FBDC0A 9ECC24DF C7D57E33 9C9CF327 27F2A905

  78470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

  551D2304 18301680 14D06F56 4B82A937 E11730CB BDEECF51 BDAE337F 98301D06

  03551D0E 04160414 D06F564B 82A937E1 1730CBBD EECF51BD AE337F98 300D0609

  2A864886 F70D0101 05050003 8181005A 297C5954 817B8D56 1443D1D5 B21DBA42

  F7EC486D B82CBA55 C2953C0E 756FAC1F B04C48C3 D208E4AF DE412F1C C4A97B38

  856AC4F2 A664C6CB 3E241FB6 4AD2DC4B BE5B4809 DE6269CC 0826E822 33F853B3

  3FE1E0E9 AA125902 C632B6E6 BE2EC625 0F7F2259 F408844B 9813429F 422EDBE0

  ADE0EA0D A2138291 D806C4F1 72C4A9

        quit

license udi pid CISCO2911/K9 sn FCZ1633771T

!

!

username bciscoadmin password 0 tadreesadmin

username cisco privilege 15 password 0 c1sc0

!

!

ip ssh version 1

!

track 1 interface Dialer0 ip routing

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Connected to Internet Temp

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 72.93.19.173 255.255.255.252

ip tcp adjust-mss 1452

duplex auto

speed auto

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

pvc 0/35

  pppoe-client dial-pool-number 1

!

pvc 0/99

  pppoe-client dial-pool-number 1

!

!

interface Dialer0

no ip address

!

interface Dialer1

description $FW_OUTSIDE$

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1492

ip flow ingress

ip nat outside

ip nat enable

ip virtual-reassembly in

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

ppp authentication chap pap callin

ppp chap hostname ala@4096.awalnet.net.sa

ppp chap password 0 123456

ppp pap sent-username ala@4096.awalnet.net.sa password 0 123456

no cdp enable

!

ip forward-protocol nd

!

no ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 0.0.0.0 0.0.0.0 Dialer1

!

access-list 23 permit 10.10.10.0 0.0.0.7

!

no cdp run

!

!

control-plane

!

!

banner login ^CC

***************************************************************

**                                                           **

**    TADREES PRIVATE NETWORK ..... AUTHORIZED USERS ONLY    **

**                                                           **

***************************************************************^C

banner motd ^CC

                                                  ==================

                                                       WARNING

                                                  ==================

If you are an unauthorized user LOG OFF NOW, all unauthorized access will be prosecuted to the full extent of the law

This is a Private Network Device. This resource including all related equipment, networks and network devices, are provided for authorized Private use. Private systems are monitored for all lawful purposes, including ensuring authorized use, for manageme

The monitoring on this system may include audits by authorized personnel to test or verify the validity, security and survivability of this system. During monitoring information may be examined, recorded, copied and used for authorized purposes. All

Use of this system, constitutes consent to this policy and the policies and procedures set forth by the company

Evidence of unauthorized use collected during monitoring will be used for criminal prosecution by  staff, legal counsel and law enforcement agencies.^C

!

line con 0

login local

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

login local

transport input telnet ssh

line vty 5 15

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

end

Labels:
0 Helpful
1 Reply 1

Islam Nadim
Level 1
Level 1

‎11-12-2013 11:19 PM

Let me get this correctly, you want to access the server over the public IP?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card