help w/ 5510 config

Discussion in 'Cisco' started by Jake, Jan 30, 2008.

  1. Jake

    Jake Guest

    I've got a 5510 and I'm having a problem trying to get internet access
    from my development boxes and was hoping someone could take a look at
    what I have wrong here.

    I'm trying to forward www, https, and 3690 from the outside - PAT to my
    dmz, ssh to my cluster from the outside, and get internet access from
    within development network.

    Any help much appreciated.

    ---

    name 192.168.3.0 DEV_NET
    name 192.168.4.0 DMZ_NET
    name 192.168.2.0 CLUSTER_NET
    name 199.199.xxx.14 MY_WAN_IP


    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address MY_WAN_IP 255.255.255.0
    !
    interface Ethernet0/1
    nameif dmz
    security-level 20
    ip address 192.168.4.1 255.255.255.0
    !
    interface Ethernet0/2
    nameif cluster
    security-level 60
    ip address 192.168.2.1 255.255.255.0
    !
    interface Ethernet0/3
    nameif development
    security-level 80
    ip address 192.168.3.1 255.255.255.0
    !
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    !


    object-group service DMZ_SERVICES tcp
    port-object eq www
    port-object eq https
    port-object eq 3690
    object-group service ALL_SERVICES tcp
    port-object eq www
    port-object eq https
    port-object eq 3690
    port-object eq ssh
    access-list DEV_ACCESS extended permit ip any any
    access-list SSH_ACCESS extended permit tcp any any eq ssh
    access-list ALL_ACCESS extended permit tcp any any object-group ALL_SERVICES
    access-list DMZ_ACCESS extended permit tcp any interface dmz object-group DMZ_SERVICES

    nat-control
    global (outside) 1 interface
    nat (dmz) 1 DMZ_NET 255.255.255.0
    nat (cluster) 1 CLUSTER_NET 255.255.255.0
    nat (development) 1 DEV_NET 255.255.255.0
    static (cluster,outside) tcp interface ssh 192.168.2.10 ssh netmask 255.255.255.255
    static (dmz,outside) tcp interface www 192.168.4.10 www netmask 255.255.255.255
    static (dmz,outside) tcp interface https 192.168.4.10 https netmask 255.255.255.255
    static (dmz,outside) tcp interface 3690 192.168.4.10 3690 netmask 255.255.255.255
    static (management,development) MGMT_NET MGMT_NET netmask 255.255.255.0
    static (management,cluster) MGMT_NET MGMT_NET netmask 255.255.255.0
    static (management,dmz) MGMT_NET MGMT_NET netmask 255.255.255.0
    static (development,cluster) DEV_NET DEV_NET netmask 255.255.255.0
    static (development,dmz) DEV_NET DEV_NET netmask 255.255.255.0
    static (cluster,development) CLUSTER_NET CLUSTER_NET netmask 255.255.255.0
    static (development,outside) DEV_NET DEV_NET netmask 255.255.255.0
    access-group DMZ_ACCESS in interface dmz
    access-group SSH_ACCESS in interface cluster
    access-group ALL_ACCESS in interface outside
    access-group DEV_ACCESS out interface development
    route outside 0.0.0.0 0.0.0.0 199.199.xxx.1 1
     
    Jake, Jan 30, 2008
    #1
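
A small audit over the configuration posted above, as an added example that is not part of Jake's post: it lists symbolic names used in `nat`, `static` and `ip address` lines that have no matching `name` definition, and ACLs containing a `permit ... any any` entry together with the interface and direction each is bound to. The function name `audit`, the upper-case name pattern and the choice of excerpt lines are assumptions of this example.

```python
import re

# Excerpt of the configuration posted above (selected lines, wrapped lines rejoined).
CONFIG = """\
name 192.168.3.0 DEV_NET
name 192.168.4.0 DMZ_NET
name 192.168.2.0 CLUSTER_NET
name 199.199.xxx.14 MY_WAN_IP
access-list DEV_ACCESS extended permit ip any any
access-list SSH_ACCESS extended permit tcp any any eq ssh
access-list ALL_ACCESS extended permit tcp any any object-group ALL_SERVICES
access-list DMZ_ACCESS extended permit tcp any interface dmz object-group DMZ_SERVICES
nat (development) 1 DEV_NET 255.255.255.0
static (management,dmz) MGMT_NET MGMT_NET netmask 255.255.255.0
static (development,outside) DEV_NET DEV_NET netmask 255.255.255.0
access-group DMZ_ACCESS in interface dmz
access-group SSH_ACCESS in interface cluster
access-group ALL_ACCESS in interface outside
access-group DEV_ACCESS out interface development
"""

# Assumption: symbolic names follow the post's upper-case convention.
NAME_TOKEN = re.compile(r"\b[A-Z][A-Z0-9_]+\b")

def audit(config):
    defined, used, any_any, bound = set(), set(), set(), {}
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "name" and len(words) >= 3:
            defined.add(words[2])                      # name <ip> <NAME>
        elif words[0] in ("nat", "static") or words[:2] == ["ip", "address"]:
            used.update(NAME_TOKEN.findall(line))      # names referenced here
        elif words[0] == "access-list" and "permit" in words:
            # source and destination both "any": two consecutive "any" words
            if any(a == b == "any" for a, b in zip(words, words[1:])):
                any_any.add(words[1])
        elif words[0] == "access-group" and len(words) >= 5:
            bound[words[1]] = (words[4], words[2])     # ACL -> (interface, direction)
    return {
        "undefined_names": sorted(used - defined),
        "any_any_bindings": sorted((acl, *bound[acl]) for acl in any_any if acl in bound),
    }

if __name__ == "__main__":
    for check, findings in audit(CONFIG).items():
        print(check, findings)
```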