RE: Outsde to inside

From: sameer inam <i_sameer_at_hotmail.com>
Date: Thu, 21 Oct 2010 12:01:51 +0000

Rob,
thanks for the advice, but trust me, I will not be fired; I have manager
approval ;-) .. Please advise about the current configuration, please see below:

!
interface Vlan1
 nameif inside
 security-level 100
 ip address 94.xxx.xx.xx 255.255..xxx.xx
!
interface Vlan3
 nameif Outside
 security-level 0
 ip address 213.xxx.xx.xx 255.255.255.252
!
interface Ethernet0/0
 description Uplink to Etisalat
 switchport access vlan 3
!
interface Ethernet0/1
 description UPLINK TO DMVPN ROUTER
!
interface Ethernet0/2
 description uplink to DMVPN router
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
ftp mode passive
access-list INTERNET extended permit ip any any
access-list INTERNET extended permit icmp any any
access-list INTERNET extended permit tcp any eq www any
access-list INTERNET extended permit tcp any any
access-list INTERNET extended permit udp any any
access-list INTERNET extended permit tcp any eq smtp any
access-list INTERNET extended permit ospf any any
access-list INTERNET extended permit udp any eq isakmp any
access-list http-list2 extended permit tcp any any
!
tcp-map mss-map
!
pager lines 24
mtu inside 1500
mtu Outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any Outside
icmp permit 94.xxx.xx.xx. 255.xxx.x..xx.xx Outside
no asdm history enable
arp timeout 14400
access-group INTERNET in interface Outside
route Outside 0.0.0.0 0.0.0.0 213.xx.xx.xx. 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 94.56.14.1 255.255.255.255 Outside
telnet timeout 100
ssh 94.xxx.xx.xx 255.xxx.xx.xx.xxx inside
ssh 213.xxx.xxx..xx 255.255.255.255 Outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username sameer password 433uZHvFIroCS/8n encrypted privilege 15
username averda password U6zkTENXUzuFzRtZ encrypted privilege 15
!
class-map http-map1
 match access-list http-list2
!
!
policy-map http-map
 class http-map1
  set connection advanced-options mss-map
!
service-policy http-map interface Outside
prompt hostname context
Cryptochecksum:65bd373c10e6d1021d5f4573fd74c67b
: end

From: robclav_at_gmail.com
Date: Thu, 21 Oct 2010 13:56:50 +0200
Subject: Re: Outsde to inside
To: i_sameer_at_hotmail.com
CC: ccielab_at_groupstudy.com

Well Sameer, you can do it in several ways, for instance using a permit any,
any.
The easiest way:

a) Allow non-NATed traffic from inside to outside (NO NAT-CONTROL privilege
command at ASA CLI). And allow some traffic from outside to reach your internal
network. Used to be mandatory as older versions use NAT to communicate any
interface.

b) Create an "identitary" NAT process, from inside to outside. You "announce"
the same IP address using nat outside to create the "PIPE" of NAT process.

If you are thinking to allow any traffic to your internal network you can do
it, but after that start to apply to other positions because you will be fired
from your actual job ;))
Hth

Robclav
robclavbcn.blogspot.com
www.kubsolutions.com

2010/10/21 sameer inam <i_sameer_at_hotmail.com>

How do I allow my inside IP accessible from outside on ASA FW 5505? BTW my
inside IP is also a public IP from an ISP /29 subnet. Please advise?

Received on Thu Oct 21 2010 - 12:01:51 ART
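
Added example, not part of the thread and not any poster's own code: a small Python audit for the exposure Rob's reply warns about, run over a constructed config shaped like the one posted above. It flags unrestricted `permit <proto> any any` entries in an ACL bound inbound on the lowest security-level interface, and telnet management allowed on that interface; the function name `audit`, the finding labels and the sample addresses (documentation ranges) are assumptions.

```python
import re

# Constructed sample shaped like the posted config; addresses are
# documentation ranges, not values from the thread.
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan3
 nameif Outside
 security-level 0
access-list INTERNET extended permit ip any any
access-list INTERNET extended permit tcp any eq www any
access-list http-list2 extended permit tcp any any
access-group INTERNET in interface Outside
telnet 192.0.2.10 255.255.255.255 Outside
telnet timeout 100
ssh 198.51.100.8 255.255.255.255 inside
"""

def audit(config):
    """Return (label, line) findings; `audit` and the labels are hypothetical names."""
    levels, acls, bound, telnet = {}, {}, [], []
    nameif = None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            nameif = None                      # new interface stanza
        elif m := re.match(r"nameif (\S+)$", line):
            nameif = m.group(1)
        elif (m := re.match(r"security-level (\d+)$", line)) and nameif:
            levels[nameif] = int(m.group(1))
        elif m := re.match(r"access-list (\S+) extended permit \S+ any any$", line):
            acls.setdefault(m.group(1), []).append(line)   # unrestricted src and dst
        elif m := re.match(r"access-group (\S+) in interface (\S+)$", line):
            bound.append((m.group(1), m.group(2)))
        elif m := re.match(r"telnet \d\S* \S+ (\S+)$", line):
            telnet.append((m.group(1), line))  # skips "telnet timeout N"
    if not levels:
        return []
    lowest = min(levels.values())
    untrusted = {name for name, lvl in levels.items() if lvl == lowest}
    findings = [("any-any-inbound", rule)
                for acl, ifname in bound if ifname in untrusted
                for rule in acls.get(acl, [])]
    findings += [("telnet-on-untrusted", line)
                 for ifname, line in telnet if ifname in untrusted]
    return findings

if __name__ == "__main__":
    for label, line in audit(SAMPLE):
        print(f"{label}: {line}")
```

ACLs that are defined but not bound with `access-group`, such as `http-list2` here, are not reported, since they only classify traffic for the policy map.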

This archive was generated by hypermail 2.2.0 : Mon Nov 01 2010 - 06:42:06 ART