Sunday, September 8, 2024

How to get from inside to outside (firewall-related question)


I'm trying to get ping/telnet enabled for a certain port so I can get through from outside to inside or vice versa. Just trying to figure out the configuration to get there.

I've made my inside network and my outside network.

Firewall model is Cisco 5520 ASA

ciscoasa# sh access-lis
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list 101; 4 elements; name hash: 0xe7d586b5
access-list 101 line 1 extended permit icmp any any echo-reply (hitcnt=0) 0x030901cd
access-list 101 line 2 extended permit icmp any any source-quench (hitcnt=0) 0x8bddfde8
access-list 101 line 3 extended permit icmp any any unreachable (hitcnt=0) 0x89d18f69
access-list 101 line 4 extended permit icmp any any time-exceeded (hitcnt=0) 0x12127ce7
access-list outside_access_in; 5 elements; name hash: 0x6892a938
access-list outside_access_in line 1 extended permit icmp object outside3560 object inside3560 (hitcnt=0) 0x4f1148e6
  access-list outside_access_in line 1 extended permit icmp host 192.168.2.21 host 192.168.1.11 (hitcnt=0) 0x4f1148e6
access-list outside_access_in line 2 extended permit icmp object outside3560 object inside3560 object-group ping (hitcnt=0) 0xc892322e
  access-list outside_access_in line 2 extended permit icmp host 192.168.2.21 host 192.168.1.11 echo (hitcnt=0) 0x8d896526
  access-list outside_access_in line 2 extended permit icmp host 192.168.2.21 host 192.168.1.11 echo-reply (hitcnt=0) 0xd3bb9910
access-list outside_access_in line 3 extended permit icmp object outside23560 object inside35602 object-group ping (hitcnt=0) 0xa79083e6
  access-list outside_access_in line 3 extended permit icmp host 192.168.2.21 host 192.168.1.12 echo (hitcnt=0) 0xca21b676
  access-list outside_access_in line 3 extended permit icmp host 192.168.2.21 host 192.168.1.12 echo-reply (hitcnt=0) 0x5ca247e8
access-list inside; 1 elements; name hash: 0x45467dcb
access-list inside line 1 extended permit icmp host 192.168.1.11 host 192.168.2.21 (hitcnt=0) 0x00b26fe3
access-list outside; 1 elements; name hash: 0x1a47dec4
access-list outside line 1 extended permit icmp host 192.168.2.21 host 192.168.1.11 (hitcnt=0) 0x4310bc47

3560 inside switch:

L3Switch1#sh run
Building configuration...

Current configuration : 1542 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname L3Switch1
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/28
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.1.11 255.255.255.0
!
ip classless
ip http server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
 password cisco
 login
line vty 5 15
 login
!
end

3560 outside switch:

TransitSw# sh run
Building configuration...

Current configuration : 1839 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname TransitSw
!
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10
 name inside-vlan
!
vlan 20,30,40,112-113
!
vlan 210
 name netmon
!
vlan 439
 name radio
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/22
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/23
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/24
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan10
 ip address 192.168.1.12 255.255.255.0
 no ip route-cache
!
interface Vlan20
 ip address 192.168.20.14 255.255.255.0
 no ip route-cache
!
interface Vlan30
 ip address 192.168.30.14 255.255.255.0
 no ip route-cache
!
interface Vlan40
 ip address 192.168.40.14 255.255.255.0
 no ip route-cache
!
ip http server
!
control-plane
!
!
line con 0
line vty 0 4
 password cisco
 login
line vty 5 15
 login
!
end

2960 Transmitter switch that's also inside:

Switch#sh run
Building configuration...

Current configuration : 3170 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable password cisco
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 10
!
interface FastEthernet0/4
 switchport access vlan 10
!
interface FastEthernet0/5
 switchport access vlan 10
!
interface FastEthernet0/6
 switchport access vlan 20
!
interface FastEthernet0/7
 switchport access vlan 20
!
interface FastEthernet0/8
 switchport access vlan 20
!
interface FastEthernet0/9
 switchport access vlan 20
!
interface FastEthernet0/10
 switchport access vlan 20
!
interface FastEthernet0/11
 switchport access vlan 30
!
interface FastEthernet0/12
 switchport access vlan 30
!
interface FastEthernet0/13
 switchport access vlan 30
!
interface FastEthernet0/14
 switchport access vlan 30
!
interface FastEthernet0/15
 switchport access vlan 30
!
interface FastEthernet0/16
 switchport access vlan 40
!
interface FastEthernet0/17
 switchport access vlan 40
!
interface FastEthernet0/18
 switchport access vlan 40
!
interface FastEthernet0/19
 switchport access vlan 40
!
interface FastEthernet0/20
 switchport access vlan 40
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet0/25
!
interface FastEthernet0/26
!
interface FastEthernet0/27
!
interface FastEthernet0/28
!
interface FastEthernet0/29
!
interface FastEthernet0/30
!
interface FastEthernet0/31
!
interface FastEthernet0/32
!
interface FastEthernet0/33
!
interface FastEthernet0/34
!
interface FastEthernet0/35
!
interface FastEthernet0/36
!
interface FastEthernet0/37
!
interface FastEthernet0/38
!
interface FastEthernet0/39
!
interface FastEthernet0/40
!
interface FastEthernet0/41
!
interface FastEthernet0/42
!
interface FastEthernet0/43
!
interface FastEthernet0/44
!
interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan10
 ip address 192.168.2.21 255.255.255.0
 standby 1 ip 192.168.10.15
 standby 1 preempt
!
interface Vlan20
 ip address 192.168.20.10 255.255.255.0
 standby 1 ip 192.168.20.15
 standby 1 preempt
!
interface Vlan30
 ip address 192.168.30.10 255.255.255.0
 standby 1 ip 192.168.30.15
 standby 1 preempt
!
interface Vlan40
 ip address 192.168.40.10 255.255.255.0
 standby 1 ip 192.168.40.15
 standby 1 preempt
!
interface Vlan99
 ip address 192.168.99.99 255.255.255.0
!
ip default-gateway 10.0.0.254
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
 password cisco
 login
line vty 5 15
 login
!
end

TransitSw#
