Jump to content

Site Offline

The community is currently offline and only accessible to those with permission.

Sadikhov IT Certification forums


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About Eyasu

  • Rank
  1. Hey, guys. i am kind of new to this forums. And, now, i need your expertise about PORT FORWARDING ASA 5512-X ver.9.1 based on the topology and my detail ASA configuration. All port forwarded worked on Router 2600 series. now, we just remove the Router and replace it with ASA . My detail topology is below. Further clarification, there is an EPON bridge in between ASA and ISP-Router DETAIL OF ASA CONFIGURATION: =============================================================================== ASA Version 9.1(2) ! hostname CORE-FW domain-name enable password encrypted names ! interface GigabitEthernet0/0 nameif OUTSIDE security-level 0 ip address ! interface GigabitEthernet0/1 nameif INSIDE security-level 100 ip address ! interface GigabitEthernet0/2 nameif DMZ security-level 80 ip address ! interface GigabitEthernet0/3 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/4 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/5 shutdown no nameif no security-level no ip address ! interface Management0/0 management-only nameif Management security-level 90 ip address ! ftp mode passive dns server-group DefaultDNS domain-name object network PUBLIC_IPS range object network PUBLIC_IP1 host object network PUBLIC_IP2 host object network INSIDE_NET subnet object network DMZ_NET subnet object network SERVER_IP host access-list ALLOW-SERVER extended permit icmp any any echo log access-list ALLOW-SERVER extended permit icmp any any echo-reply access-list ALLOW-SERVER extended permit tcp any object SERVER_IP eq 3309 access-list ALLOW-SERVER extended permit tcp any object SERVER_IP range 2002 2003 pager lines 24 logging enable logging asdm informational mtu OUTSIDE 1500 mtu INSIDE 1500 mtu Management 1500 mtu DMZ 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected ! object network INSIDE_NET nat (INSIDE,OUTSIDE) dynamic pat-pool PUBLIC_IPS object network DMZ_NET nat (DMZ,OUTSIDE) dynamic pat-pool PUBLIC_IPS object network SERVER_IP nat (DMZ,OUTSIDE) static PUBLIC_IP1 access-group ALLOW-SERVER in interface OUTSIDE route OUTSIDE 1 route INSIDE 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL http server enable http Management no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec security-association pmtu-aging infinite crypto ca trustpool policy telnet INSIDE telnet Management telnet timeout 5 ssh INSIDE ssh Management ssh timeout 5 ssh version 2 ssh key-exchange group dh-group1-sha1 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept username password encrypted ! class-map inspection_default match default-inspection-traffic class-map inspection_defualt ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 dns-guard protocol-enforcement nat-rewrite policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options inspect icmp inspect http policy-map global-policy ! service-policy global_policy global