From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Mon Oct 27 2008 - 17:54:06 ARST
Hi Joe,
We all know that the financial crises are hitting everywhere and the US is also
suffering from this, but this does not mean that you will START earning from
GS as well. After that Paul has to put a fee for the registration on this
group : ) (One Dollar per person).
Joe you should be offering like that
Hey Mark I am going to invite you on Webex (1
2008/10/27 Joseph Brunner <joe@affirmedsystems.com>
> ?
>
> I'll fix this for $250 on paypal
>
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Mark Anthony
> Sent: Monday, October 27, 2008 1:14 PM
> To: ccie groupstudy
> Subject: ASA Issue
>
> I have configured an ASA 5510 to be between an internet router and a cisco
> switch. I have 3 servers in my inside network which users access from outside
> and these servers also have public addresses, my inside user can connect to
> the internet, surf the net and I can also pull down mails from my exchange
> server via the internet, BUT MY REMOTE USERS CANNOT ACCESS THESE SERVERS FROM
> THEIR REMOTE END.
>
> Below are the configs on both the router and ASA for someone to please help me
> check and look what I did wrong.
>
> Please help me.
>
> :
> ASA Version 7.2(2)
> !
> hostname ciscoasa
> enable password 8Ry2YjIyt7RRXU24 encrypted
> names
> !
> interface GigabitEthernet0/0
> description <connection to the internet router>
> nameif outside
> security-level 0
> ip address 194.203.X.X 255.255.255.0
> !
> interface GigabitEthernet0/1
> description <connection to internal networks>
> nameif inside
> security-level 100
> ip address 194.203.X.X 255.255.255.0
> !
> interface GigabitEthernet0/2
> shutdown
> no nameif
> no security-level
> no ip address
> !
> interface GigabitEthernet0/3
> shutdown
> no nameif
> no security-level
> no ip address
> !
> interface Management0/0
> shutdown
> no nameif
> no security-level
> no ip address
> management-only
> !
> passwd 2KFQnbNIdI.2KYOU encrypted
> ftp mode passive
> access-list 100 extended permit icmp any any echo-reply
> access-list 100 extended permit icmp any any time-exceeded
> access-list 100 extended permit icmp any any unreachable
> access-list 100 extended permit tcp any host 62.173.X.X eq www
> access-list 100 extended permit tcp any host 62.173.X.X eq www
> access-list 100 extended permit tcp any host 62.173.X.X eq smtp
> pager lines 24
> mtu outside 1500
> mtu inside 1500
> no failover
> icmp unreachable rate-limit 1 burst-size 1
> no asdm history enable
> arp timeout 14400
> global (outside) 1 interface
> nat (inside) 1 0.0.0.0 0.0.0.0
> static (inside,outside) 62.173.X.X 194.203.X.X netmask 255.255.255.255 dn
> static (inside,outside) 62.173.X.X 194.203.X.X netmask 255.255.255.255
> s
> static (inside,outside) 62.173.X.X 194.203.X.X netmask 255.255.255.255 dns
> access-group 100 in interface outside
> route outside 0.0.0.0 0.0.0.0 10.163.X.X 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
> timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:0
> timeout uauth 0:05:00 absolute
> no snmp-server location
> no snmp-server contact
> snmp-server enable traps snmp authentication linkup linkdown coldstart
> telnet 194.203.X.X 255.255.255.255 inside
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> !
> class-map inspection_default
> match default-inspection-traffic
> !
> !
> policy-map type inspect dns preset_dns_map
> parameters
> message-length maximum 512
> policy-map global_policy
> class inspection_default
> inspect dns preset_dns_map
> inspect ftp
> inspect h323 h225
> inspect h323 ras
> inspect rsh
> inspect rtsp
> inspect esmtp
> inspect sqlnet
> inspect skinny
> inspect sunrpc
> inspect xdmcp
> inspect sip
> inspect netbios
> inspect tftp
> !
> service-policy global_policy global
> prompt hostname context
> Cryptochecksum:3897f58ffa9b9b7da8c7fe219442448c
> : end
>
>
>
> CONFIGURATION FOR THE ROUTER
>
> version 12.4
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname Router
> !
> boot-start-marker
> boot-end-marker
> !
> !
> no aaa new-model
> !
> !
> ip cef
> !
> !
> !
> voice-card 0
> no dspfarm
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> interface GigabitEthernet0/0
> description Gateway to CONNECTION TO LAN
> ip address 194.203.X.X 255.255.255.0
> ip access-group 102 in
> ip nat inside
> duplex auto
> speed auto
> !
> interface GigabitEthernet0/1
> description LINK TO ipNX VPN CLOUD
> ip address 10.163.X.X 255.255.254.0
> ip nat outside
> duplex auto
> speed auto
> !
> router eigrp 2113
> network 192.168.X.X 0.0.0.3
> network 194.203.X.X
> network 194.203.X.X
> no auto-summary
> !
> ip forward-protocol nd
> ip route 0.0.0.0 0.0.0.0 10.163.X.X
> ip route 62.173.X.X 255.255.255.255 GigabitEthernet0/0
> ip route 62.173.X.X 255.255.255.255 GigabitEthernet0/0
> ip route 62.173.X.X 255.255.255.255 GigabitEthernet0/0
> !
> ip http server
> no ip http secure-server
> ip nat inside source list 10 interface GigabitEthernet0/1 overload
> ip nat inside source static tcp 62.173.X.X 25 194.203.X.X 25 extendable
> ip nat inside source static tcp 62.173.X.X 80 194.203.X.X 80 extendable
> ip nat inside source static tcp 62.173.X.X 80 194.203.X.X 80 extendable
> !
> access-list 10 permit 194.203.X.X 0.0.0.255
> access-list 102 deny tcp 194.203.0.0 0.0.255.255 any eq 137 log
> access-list 102 deny udp 194.203.0.0 0.0.255.255 any eq netbios-ns log
> access-list 102 deny tcp 194.203.0.0 0.0.255.255 any eq 138 log
> access-list 102 deny udp 194.203.0.0 0.0.255.255 any eq netbios-dgm log
> access-list 102 permit ip any any
> !
> !
> !
> control-plane
> !
> !
> !
> !
> !
> !
> !
> !
> line con 0
> password XXXXXX
> login
> line aux 0
> line vty 0 4
> password XXXXXX
> login
> !
> scheduler allocate 20000 1000
> !
> end
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
--
Muhammad Nasim
Network Engineer
Saudi Arabia

Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:23 ARST