
LAN1 is directly connected to the Inside interface of the firewall. Additionally, there is another internal network, namely LAN2, with network 192.168.2.0/24. LAN2 is not directly connected to the firewall. Rather, there is an internal router with address 192.168.1.1 through which we can reach LAN2. Therefore, in order for the ASA to reach network LAN2, we need to configure a static route to tell the firewall that network 192.168.2.0/24 can be reached via 192.168.1.1.

So we need to configure two static routes. One Default Static route for Internet access, and one internal static route to reach network LAN2. For directly connected networks (DMZ and LAN1) we don’t need to configure a static route since the firewall already knows about these networks as they are directly connected to its interfaces.

The format of the static route command is:

```
ASA(config)# route
```

```
! First configure a default static route towards the default gateway
ASA(config)# route outside 0.0.0.0 0.0.0.0 200.1.1.1
```

The default gateway towards the ISP is 200.1.1.1.
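The route selection described above can be checked offline before a configuration is pushed. The following is an added example, not code from the original article: it parses ASA-style `nameif`, `ip address` and `route` lines, resolves a destination by longest-prefix match, and reports static routes whose next hop is not on the named interface's connected subnet. The interface names and addresses and the `route inside` line are assumptions constructed from the description in the text.

```python
import ipaddress

# Constructed sample config: the route lines follow the text above; the interface
# names and addresses are assumptions, since the page does not give them.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 200.1.1.2 255.255.255.252
interface GigabitEthernet0/1
 nameif inside
 ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz
 ip address 10.0.0.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 200.1.1.1
route inside 192.168.2.0 255.255.255.0 192.168.1.1
"""

def parse(config):
    """Return (connected, static): {nameif: network} and [(nameif, network, gateway)]."""
    connected, static, nameif = {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["nameif"] and len(w) == 2:
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and len(w) >= 4 and nameif:
            connected[nameif] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:1] == ["interface"]:
            nameif = None  # a new interface block starts; forget the previous name
        elif w[:1] == ["route"] and len(w) >= 5:
            static.append((w[1], ipaddress.ip_network(f"{w[2]}/{w[3]}"),
                           ipaddress.ip_address(w[4])))
    return connected, static

def lookup(config, dest):
    """Longest-prefix match over connected and static routes: (interface, next hop)."""
    connected, static = parse(config)
    dest = ipaddress.ip_address(dest)
    table = [(net, ifc, "connected") for ifc, net in connected.items()]
    table += [(net, ifc, str(gw)) for ifc, net, gw in static]
    hits = [r for r in table if dest in r[0]]
    best = max(hits, key=lambda r: r[0].prefixlen, default=None)
    return (best[1], best[2]) if best else None

def unreachable_gateways(config):
    """Static routes whose next hop is not on the named interface's connected subnet."""
    connected, static = parse(config)
    return [(ifc, str(net), str(gw)) for ifc, net, gw in static
            if ifc not in connected or gw not in connected[ifc]]
```
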

```
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 1.1.1.2 255.255.255.252
!
interface GigabitEthernet0/1
 nameif dmz
 security-level 50
 ip address 10.20.20.1 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object service PORT_5000
 service tcp destination eq 5000
object service PORT_23
 service tcp destination eq telnet
object network SERVER
 host 10.20.20.10
object service TELNET
 service tcp source eq telnet
access-list outside_to_dmz extended permit tcp any host 10.20.20.10 eq telnet
access-list outside_to_dmz extended permit tcp any any eq telnet
pager lines 23
mtu outside 1500
mtu dmz 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any dmz
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 8192
nat (dmz,outside) source dynamic any interface
!
object network SERVER
 nat (dmz,outside) static interface service tcp telnet telnet
access-group outside_to_dmz in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.
```

The ASA connects to the internet on the outside and also has a DMZ and Internal zones.
#CISCO ASDM 5.2 HOW TO SET UP STATIC NAT FOR DMZ PASSWORD#
I'll post the config here for the ASA.

```
ASA Version 9.9(2)
!
hostname ciscoasa
enable password $sha512$5000$OesS1Q0ztcWz2bIF489rMw=$vyauUzBcHsmkMIwL8g8ZIA= pbkdf2
names
```

Hi guys, so basically I have no clue as to why the SNAT I've set up on my ASA here to go to R2 here for telnet on R2 from either R3 or R4 isn't working. All the other config is up and working on everything else, R2 can ping R3 as well through the dynamic NAT rule I've set up, the static NAT for some unknown reason just doesn't seem to want to work and I think I've done everything right too.
