How to configure Cisco ASA 5510 for internal remote desktop?
Hello, I have a client that wants to install a new ASA (5510) in their network.
I then did some experiments to implement it. The topology is like this:
2800 router:
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.11.3 255.255.255.0
 duplex auto
 speed auto
!
ip route 192.168.12.0 255.255.255.0 172.16.1.2
1841 router:
interface FastEthernet0/0
 ip address 172.16.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.12.1 255.255.255.0
 duplex auto
 speed auto
!
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1
ASA 5510:
: Saved
: Written by enable_15 at 19:21:31.639 UTC Mon Sep 13 2010
!
ASA Version 8.2(1)
!
hostname ciscoasa
enable password **** encrypted
passwd ***** encrypted
names
name 192.168.12.0 Branch
dns-guard
!
interface Ethernet0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.11.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
!
boot system disk0:/asa821-k8.bin
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 Branch 255.255.255.0
access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 any
access-list inside_access_in extended permit ip Branch 255.255.255.0 192.168.11.0 255.255.255.0
!
tcp-map mssmap
 synack-data allow
 invalid-ack allow
 seq-past-window allow
 urgent-flag allow
!
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
asdm location Branch 255.255.255.0 inside
no asdm history enable
arp timeout 14400
static (inside,inside) 192.168.11.2 192.168.11.2 netmask 255.255.255.255
static (inside,inside) 192.168.12.2 192.168.12.2 netmask 255.255.255.255
access-group inside_access_in in interface inside
route inside Branch 255.255.255.0 172.16.1.1 1
timeout xlate 3:00:00
timeout conn 10:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username ***** password ***** encrypted
!
class-map mymap
 match access-list inside_access_in
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
policy-map myPolicy
 class mymap
  set connection advanced-options mssmap
!
service-policy global_policy global
service-policy myPolicy interface inside
prompt hostname context
Cryptochecksum:a605d94f29924e5267644dd0f4476145
: end
I can successfully ping from host 192.168.12.2 to 192.168.11.2, but I can't do remote desktop from those hosts.
Then I used Wireshark to capture packets on my computer, and it says "TCP ACKed Lost Segment".