Search the Community

Showing results for tags 'firewall'.



Found 6 results

  1. I'm having trouble forwarding ports using a Cisco 1811W with Zone Based Firewall.

     Interface FastEthernet 1 - Zone OUTSIDE (The Internet)
     Interface FastEthernet 0 - Zone DMZ (Raspberry Pi Server - 10.0.0.4)
     Switchports/Wifi - Zone INSIDE (The LAN)

     Basically I'm trying to forward ports from 10.0.0.4 like so...

         ip nat inside source static tcp 10.0.0.4 3389 interface FastEthernet1 3389
         ip nat inside source static tcp 10.0.0.4 22 interface FastEthernet1 22
         ip nat inside source static tcp 10.0.0.4 8080 interface FastEthernet1 8080

     and for now the ACLs are set to...

         ip access-list extended ACL_DMZ_TO_OUTSIDE
          permit ip any any
         ip access-list extended ACL_OUTSIDE_TO_DMZ
          permit ip any any

     But I can't get in from the Internet. The LAN and the DMZ can both access the internet, and currently each other too. Using the local IP 10.0.0.4 (Raspberry Pi) I can SSH 22, RDP 3389 and HTTP 8080, but no luck using the domain name or public IP address of Interface FastEthernet 1.

     Below are the mostly relevant parts of my config:

     ************************************

         !
         ! Last configuration change at 18:27:06 AEDT Sat Mar 12 2016 by me
         version 15.1
         !
         !
         class-map type inspect match-any CLASS_MAP_DMZ_TO_OUTSIDE
          match access-group name ACL_DMZ_TO_OUTSIDE
         class-map type inspect match-any CLASS_MAP_OUTSIDE_TO_DMZ
          match access-group name ACL_OUTSIDE_TO_DMZ
         class-map type inspect match-any CLASS_MAP_OUTSIDE_TO_SELF
          match access-group name ACL_OUTSIDE_TO_SELF
         class-map type inspect match-any CLASS_MAP_INSIDE_TO_OUTSIDE
          match access-group name ACL_INSIDE_TO_OUTSIDE
         class-map type inspect match-any CLASS_MAP_OUTSIDE_TO_INSIDE
          match access-group name ACL_OUTSIDE_TO_INSIDE
         class-map type inspect match-any CLASS_MAP_DMZ_TO_INSIDE
          match access-group name ACL_DMZ_TO_INSIDE
         class-map type inspect match-any CLASS_MAP_INSIDE_TO_DMZ
          match access-group name ACL_INSIDE_TO_DMZ
         !
         !
         policy-map type inspect POLICY_MAP_DMZ_TO_INSIDE
          class type inspect CLASS_MAP_DMZ_TO_INSIDE
           inspect
          class class-default
           drop
         policy-map type inspect POLICY_MAP_INSIDE_TO_DMZ
          class type inspect CLASS_MAP_INSIDE_TO_DMZ
           inspect
          class class-default
           drop
         policy-map type inspect POLICY_MAP_OUTSIDE_TO_SELF
          class type inspect CLASS_MAP_OUTSIDE_TO_SELF
           pass
          class class-default
           drop
         policy-map type inspect POLICY_MAP_INSIDE_TO_OUTSIDE
          class type inspect CLASS_MAP_INSIDE_TO_OUTSIDE
           inspect
          class class-default
           drop
         policy-map type inspect POLICY_MAP_OUTSIDE_TO_INSIDE
          class type inspect CLASS_MAP_OUTSIDE_TO_INSIDE
           inspect
          class class-default
           drop
         policy-map type inspect POLICY_MAP_DMZ_TO_OUTSIDE
          class type inspect CLASS_MAP_DMZ_TO_OUTSIDE
           pass
          class class-default
           drop
         policy-map type inspect POLICY_MAP_OUTSIDE_TO_DMZ
          class type inspect CLASS_MAP_OUTSIDE_TO_DMZ
           pass
          class class-default
           drop
         !
         zone security OUTSIDE
         zone security INSIDE
         zone security DMZ
         zone-pair security ZONE_PAIR_OUTSIDE_TO_SELF source OUTSIDE destination self
          service-policy type inspect POLICY_MAP_OUTSIDE_TO_SELF
         zone-pair security ZONE_PAIR_INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE
          service-policy type inspect POLICY_MAP_INSIDE_TO_OUTSIDE
         zone-pair security ZONE_PAIR_OUTSIDE_TO_INSIDE source OUTSIDE destination INSIDE
          service-policy type inspect POLICY_MAP_OUTSIDE_TO_INSIDE
         zone-pair security ZONE_PAIR_INSIDE_TO_DMZ source INSIDE destination DMZ
          service-policy type inspect POLICY_MAP_INSIDE_TO_DMZ
         zone-pair security ZONE_PAIR_DMZ_TO_INSIDE source DMZ destination INSIDE
          service-policy type inspect POLICY_MAP_DMZ_TO_INSIDE
         zone-pair security ZONE_PAIR_OUTSIDE_TO_DMZ source OUTSIDE destination DMZ
          service-policy type inspect POLICY_MAP_OUTSIDE_TO_DMZ
         zone-pair security ZONE_PAIR_DMZ_TO_OUTSIDE source DMZ destination OUTSIDE
          service-policy type inspect POLICY_MAP_DMZ_TO_OUTSIDE
         !
         !
         !
         bridge irb
         !
         interface FastEthernet0
          description DMZ
          ip address 10.0.0.2 255.255.255.0
          no ip redirects
          no ip unreachables
          no ip proxy-arp
          ip nat inside
          ip virtual-reassembly in
          zone-member security DMZ
          duplex auto
          speed auto
         !
         interface FastEthernet1
          ip address dhcp
          no ip redirects
          no ip unreachables
          no ip proxy-arp
          ip nat outside
          ip ips sdm_ips_rule in
          ip virtual-reassembly in
          ip verify unicast source reachable-via rx allow-default 100
          zone-member security OUTSIDE
          duplex auto
          speed auto
         !
         !
         !
         interface Vlan1
          no ip address
          no ip redirects
          no ip unreachables
          no ip proxy-arp
          ip virtual-reassembly in
          bridge-group 1
         !
         interface Async1
          no ip address
          no ip redirects
          no ip unreachables
          no ip proxy-arp
          encapsulation slip
         !
         interface BVI1
          ip address 192.168.100.2 255.255.255.0
          ip nat inside
          ip virtual-reassembly in
          zone-member security INSIDE
         !
         ip forward-protocol nd
         no ip http server
         ip http authentication local
         ip http secure-server
         !
         !
         ip nat inside source list NAT interface FastEthernet1 overload
         ip nat inside source static tcp 10.0.0.4 3389 interface FastEthernet1 3389
         ip nat inside source static tcp 10.0.0.4 80 interface FastEthernet1 80
         ip nat inside source static tcp 10.0.0.4 22 interface FastEthernet1 22
         ip nat inside source static tcp 10.0.0.4 8080 interface FastEthernet1 8080
         ip route 0.0.0.0 0.0.0.0 FastEthernet1
         !
         ip access-list extended ACL_DMZ_TO_INSIDE
          permit ip any any
          deny ip any any
         ip access-list extended ACL_DMZ_TO_OUTSIDE
          permit ip any any
         ip access-list extended ACL_INSIDE_TO_DMZ
          permit ip any any
          deny ip any any
         ip access-list extended ACL_INSIDE_TO_OUTSIDE
          permit ip any any
         ip access-list extended ACL_OUTSIDE_TO_DMZ
          permit ip any any
         ip access-list extended ACL_OUTSIDE_TO_INSIDE
          permit udp any host 192.168.100.55 eq 5060
          permit udp any host 192.168.100.55 range 1020 1040
          permit udp any host 192.168.100.55 range 16384 16482
         ip access-list extended ACL_OUTSIDE_TO_SELF
          permit udp any any eq bootpc
         ip access-list extended NAT
          permit ip 192.168.100.0 0.0.0.255 any
          permit ip 10.0.0.0 0.0.0.255 any
          deny ip any any
         !
         logging trap debugging
         logging facility local2
         access-list 100 permit udp any any eq bootpc
         no cdp run
         !
         !
         !
         end
  2. Hi All,

     I am preparing for my CCNA Security exam. I have difficulty with inbound NAT setup.

     The setup is Internet --> ASA --> LAN (Inside) --> Cisco Router (3600).

     I want to forward SSH (customer port 8222) back to the Cisco router. NAT and ACL on the ASA are set up correctly, as this works when I have the DHCP server running on the ASA inside interface. That is when the router picks up its IP address from the ASA (as it will have the ASA as default gateway). Up to this point everything works great.

     The issue is that I have moved the DHCP server from the ASA to the router, with the ASA set up as the default gateway. I have a few other servers on the LAN which pick up an IP address and default gateway; port forwarding works for them. But on my router interface f0/0 (which connects back to the ASA) I have a static IP address. That is where it doesn't respond to port forwarding requests from outside.

     My understanding is that, as there is no default gateway, that's why it's failing. I have tried to get interface f0/0 to take an IP address from the local pool, but that didn't work:

         interface f0/0
          ip address pool mypool

     as well as

          ip add dhcp

     but for some reason this interface doesn't get an IP address from my pool. I know the pool is working fine, as other devices get an IP address fine from the pool.

     Any help on this would be appreciated.
  3. Hello,

     I have a firewall question that I need some feedback on. I recently inherited a network infrastructure that is not the norm, or at least I have not seen this. I have your standard Cisco ASA 5550 firewall configuration with an outside interface, inside interface and DMZ interface. The inside interface and the DMZ interface both have a direct connection to a Cisco 3750 switch. Is there a way to separate those 2 networks from not talking to each other? Do I have to purchase another switch?

     Thanks,
  4. Hi All,

     What are the main differences between a Zone based firewall and a CBAC firewall?

     Many thanks,
     James
  5. Trying to complete a site-to-site VPN but unable to get VPN connectivity between the DMZ and remote site networks.

     dmz (local network): 10.160.129.48 255.255.255.240 (2 IP addresses being used: 10.160.129.49, 10.160.129.50)
     remote (network): 10.120.0.0 255.255.192.0

     The VPN parameters are all verified and OK.

     The VPN only establishes if I use the following access-list, but the remote side drops the connection. However, the requirement is no NATing, so this is not an option.

         access-list rogers_apn extended permit ip host 1.2.3.114 10.120.0.0 255.255.192.0

     The remote site can see the packets being dropped because of the source NATing that the above access-list does. I've tried to remove the NATing, but the result is no VPN connection. When I use this access-list, nothing happens.

         access-list rogers_apn extended permit ip 10.160.129.48 255.255.255.240 10.120.0.0 255.255.192.0

     Can someone have a look at my configs to see what's missing, or point me in the right direction that allows traffic flow between the DMZ and the remote network? I believe it's a NATing issue, but I can't figure it out.

     Thanks in advance.

         MTREXFW02# sh run
         : Saved
         :
         ASA Version 7.0(8)
         !
         hostname MTREXFW02
         domain-name cisco.com
         enable password N8iVIoABOjhNrEKz encrypted
         passwd 2NOok0J6OZxGHfk3 encrypted
         names
         dns-guard
         !
         interface Ethernet0/0
          nameif external
          security-level 0
          ip address 1.2.3.114 255.255.255.240
         !
         interface Ethernet0/1
          nameif internal
          security-level 100
          ip address 10.10.11.1 255.255.255.0
         !
         interface Ethernet0/2
          nameif DMZ
          security-level 50
          ip address 10.160.129.50 255.255.255.0
         !
         interface Ethernet0/3
          speed 100
          duplex half
          nameif rogers1
          security-level 75
          no ip address
         !
         interface Management0/0
          nameif management
          security-level 100
          ip address 192.168.100.1 255.255.255.0
          management-only
         !
         banner motd * This system is the property of XXXX Networks. Any unathorized access is prohibited and all prosecutor will be fined and/or punished to the fullest extent of the law*
         ftp mode passive
         dns domain-lookup external
         dns domain-lookup internal
         dns domain-lookup DMZ
         dns domain-lookup management
         dns name-server x.y.z.21
         dns name-server x.y.z.53
         dns name-server a.b.c.198
         access-list rogers_apn extended permit ip 10.160.129.48 255.255.255.240 10.120.0.0 255.255.192.0
         access-list rogers_apn extended permit ip host 1.2.3.114 10.120.0.0 255.255.192.0
         access-list dmz_access_in extended permit ip 10.120.0.0 255.255.192.0 host 10.160.129.49
         access-list inside_nat0_outbound extended permit ip 10.10.11.0 255.255.255.0 192.168.20.0 255.255.255.0
         access-list inside_nat0_outbound extended permit ip 10.80.0.0 255.255.254.0 10.10.1.0 255.255.255.0
         access-list 110 extended permit ip any any
         access-list 100 extended permit icmp any any echo-reply
         access-list 100 extended permit icmp any any time-exceeded
         access-list 100 extended permit icmp any any source-quench
         access-list 100 extended permit icmp any any unreachable
         access-list 100 extended permit ip 10.120.0.0 255.255.192.0 host 10.160.129.49
         access-list capture1 extended permit udp any any eq isakmp
         access-list apn-nonat extended permit ip 10.160.129.48 255.255.255.240 10.120.0.0 255.255.192.0
         pager lines 24
         logging enable
         logging monitor debugging
         logging asdm informational
         mtu external 1500
         mtu internal 1500
         mtu DMZ 1500
         mtu management 1500
         mtu rogers1 1500
         ip local pool vpnpool 192.168.20.100-192.168.20.150 mask 255.255.255.0
         no failover
         asdm image disk0:/asdm-508.bin
         no asdm history enable
         arp timeout 14400
         global (external) 10 interface
         global (DMZ) 10 interface
         nat (internal) 0 access-list inside_nat0_outbound
         nat (internal) 10 access-list 110
         nat (DMZ) 0 access-list apn-nonat
         nat (DMZ) 10 access-list rogers_apn
         nat (DMZ) 10 0.0.0.0 0.0.0.0
         access-group 100 in interface external
         access-group dmz_access_in in interface DMZ
         route external 0.0.0.0 0.0.0.0 1.2.3.113 1
         route internal 10.64.0.0 255.248.0.0 10.10.11.2 1
         route internal 10.80.0.0 255.248.0.0 10.10.11.2 1
         timeout xlate 3:00:00
         timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
         timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
         timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
         timeout uauth 0:05:00 absolute
         username tech password u7alYakuPBrygkxj encrypted
         aaa authentication ssh console LOCAL
         aaa authentication http console LOCAL
         aaa authentication telnet console LOCAL
         http server enable
         <section_removed>
         no snmp-server location
         no snmp-server contact
         snmp-server enable traps snmp authentication linkup linkdown coldstart
         crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
         crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
         crypto ipsec security-association lifetime seconds 3600
         crypto ipsec security-association lifetime kilobytes 5000
         crypto dynamic-map external_dyn_map 10 set transform-set ESP-3DES-SHA
         crypto dynamic-map external_dyn_map 10 set security-association lifetime seconds 288000
         crypto dynamic-map external_dyn_map 10 set security-association lifetime kilobytes 4608000
         crypto dynamic-map external_dyn_map 10 set reverse-route
         crypto map external_map 20 match address rogers_apn
         crypto map external_map 20 set peer 1.1.1.1
         crypto map external_map 20 set transform-set ESP-3DES-MD5
         crypto map external_map 20 set security-association lifetime seconds 3600
         crypto map external_map 20 set security-association lifetime kilobytes 5000
         crypto map external_map 65535 ipsec-isakmp dynamic external_dyn_map
         crypto map external_map interface external
         isakmp enable external
         isakmp policy 1 authentication pre-share
         isakmp policy 1 encryption 3des
         isakmp policy 1 hash sha
         isakmp policy 1 group 2
         isakmp policy 1 lifetime 43200
         isakmp policy 10 authentication pre-share
         isakmp policy 10 encryption 3des
         isakmp policy 10 hash md5
         isakmp policy 10 group 2
         isakmp policy 10 lifetime 86400
         isakmp nat-traversal 20
         tunnel-group 1.1.1.1 type ipsec-l2l
         tunnel-group 1.1.1.1 ipsec-attributes
          pre-shared-key *
          isakmp keepalive disable
         telnet 10.10.11.0 255.255.255.0 internal
         telnet 192.168.100.0 255.255.255.0 internal
         telnet 192.168.20.0 255.255.255.0 internal
         telnet timeout 5
         ssh 0.0.0.0 0.0.0.0 external
         ssh timeout 5
         console timeout 0
         management-access internal
         dhcpd address 192.168.100.2-192.168.100.254 management
         dhcpd lease 3600
         dhcpd ping_timeout 50
         dhcpd enable management
         !
         class-map inspection_default
          match default-inspection-traffic
         !
         !
         policy-map global_policy
          class inspection_default
           inspect dns maximum-length 512
           inspect ftp
           inspect h323 h225
           inspect h323 ras
           inspect rsh
           inspect rtsp
           inspect esmtp
           inspect sqlnet
           inspect skinny
           inspect sunrpc
           inspect xdmcp
           inspect sip
           inspect netbios
           inspect tftp
         !
         service-policy global_policy global
         Cryptochecksum:d7a9c682f8e7b7fd5834ef3d3bd49616
         : end
         MTREXFW02#

     ISAKMP SA & IPSEC SA info:

         MTREXFW02# sh crypto isakmp sa

            Active SA: 1
             Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
         Total IKE SA: 1

         1   IKE Peer: 74.198.28.1
             Type    : L2L             Role    : initiator
             Rekey   : no              State   : MM_ACTIVE
         MTREXFW02# sh cry
         MTREXFW02# sh crypto ip
         MTREXFW02# sh crypto ipsec sa
         interface: external
             Crypto map tag: external_map, seq num: 20, local addr: 1.2.3.114

               access-list rogers_apn permit ip host 1.2.3.114 10.120.0.0 255.255.192.0
               local ident (addr/mask/prot/port): (1.2.3.114/255.255.255.255/0/0)
               remote ident (addr/mask/prot/port): (10.120.0.0/255.255.192.0/0/0)
               current_peer: 1.1.1.1

               #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
               #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
               #pkts compressed: 0, #pkts decompressed: 0
               #pkts not compressed: 4, #pkts comp failed: 0, #pkts decomp failed: 0
               #send errors: 0, #recv errors: 0

               local crypto endpt.: 1.2.3.114, remote crypto endpt.: 1.1.1.1

               path mtu 1500, ipsec overhead 58, media mtu 1500
               current outbound spi: 15388213

             inbound esp sas:
               spi: 0x69CFA19D (1775215005)
                  transform: esp-3des esp-md5-hmac none
                  in use settings ={L2L, Tunnel, }
                  slot: 0, conn_id: 1, crypto-map: external_map
                  sa timing: remaining key lifetime (kB/sec): (4638/3508)
                  IV size: 8 bytes
                  replay detection support: Y
             outbound esp sas:
               spi: 0x15388213 (356024851)
                  transform: esp-3des esp-md5-hmac none
                  in use settings ={L2L, Tunnel, }
                  slot: 0, conn_id: 1, crypto-map: external_map
                  sa timing: remaining key lifetime (kB/sec): (4637/3506)
                  IV size: 8 bytes
                  replay detection support: Y
  6. Hi All,

     New to security, trying to get my head around this global NATting:

         global (outside) 10 interface
         global (outside) 5 99.186.148.9
         nat (inside) 0 access-list no-nat_inside
         nat (inside) 5 172.16.0.5 255.255.255.255
         nat (inside) 10 172.16.0.0 255.255.255.0
         nat (inside) 10 172.17.0.0 255.255.255.0

     Please could someone give me an explanation of how it works, so I can read it better?

     Many thanks