ASA5505 mehrere Externe IP-Adressen - 1 Interface

[mels]

Hallo! Danke mal für die Info!
Könntest Du noch mal auf .244 testen ob sich da auch der SMTP meldet?

Wegen DNS was und wo muß ich das einstellen?

Vielen dank im Voraus!

lg
Jörg

[Wordo]

Nein, allerdings gehts auf der 246 jetzt auch nicht mehr

EDIT: Geh auf den Mailserver, mach ne DOS Box auf und schau ob du bei nem Ping auf heise.de die IP aufgelöst bekommst.

[mels]

Hallo! Nein wird nicht aufgelöst!
Was muß ich da aufmachen auf der Firewall das ich da einen request bekomme?

Danke im voraus!

lg
Jörg

[mels]

Hallo!

Jetzt bekomme ich doch eine Auflösung, auf dem Server mit der 30.2 --> .244!

Da wird die IP aufgelöst und ich bekomme auch eine Antwort!

lg
Jörg

[mels]

Hier noch mal die aktuelle Konfig!

: Saved
:
ASA Version 8.2(1)
!
hostname gatway1
name 192.168.30.0 _Inside-PC-LAN_0.30
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.30.3 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 195.1xx.2xx.242 255.255.255.224
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name p.local
same-security-traffic permit intra-interface
object-group service mSuite tcp
description mSuite
port-object eq 1700
port-object eq 603
port-object eq 605
port-object eq 607
object-group service Port_3000 tcp
description Port _3000
port-object eq 3000
object-group service Port_5432 tcp
description Port_5432
port-object eq 5432
object-group service Port_8000 tcp
description Port_8000
port-object eq 8000
object-group service Semiramis tcp
description Semiramis
port-object eq 8843
port-object eq 8888
access-list outside_cryptomap extended permit ip p_Inside-PC-LAN_0.30 255.255.255.0 m_168.190 255.255.255.0
access-list outside_cryptomap_1 extended permit ip p_Inside-PC-LAN_0.30 255.255.255.0 h_Net_10.0.0. 255.255.255.128
access-list outside_access_in extended permit ip any host 195.1xx.2xx.242
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.242
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.243 eq https
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.243 object-group Semiramis
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 eq echo
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 eq www
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 eq https
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 eq lotusnotes
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 object-group mSuite
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 eq smtp
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.245 eq https
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.245 object-group Semiramis
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.246 eq https
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.246 eq lotusnotes
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.246 eq www
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.246 object-group mSuite
access-list outside_access_in extended permit tcp any host 195.1xx.2xx.246 eq smtp
access-list outside_access_in extended permit ip host 92. host 195.1xx.2xx.242
access-list outside_access_in extended permit ip host 81. host 195.1xx.2xx.242
access-list outside_access_in extended permit ip p_Inside-PC-LAN_0.30 255.255.255.0 h_Net_10.0.0. 255.255.255.128
access-list outside_access_in extended permit ip p_Inside-PC-LAN_0.30 255.255.255.0 host h_SAP_228.155
access-list inside_access_in extended permit tcp p_Inside-PC-LAN_0.30 255.255.255.0 host 195.1xx.2xx.244 eq lotusnotes
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging standby
logging emblem
logging buffered emergencies
logging trap notifications
logging history notifications
logging asdm notifications
logging mail notifications
logging from-address
logging recipient-address level notifications
logging host inside 192.168.30.8 6/1470 secure
logging debug-trace

[mels]

mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 195.1xx.2xx.246 192.168.30.8 netmask 255.255.255.255
static (inside,outside) 195.1xx.2xx.243 192.168.30.1 netmask 255.255.255.255
static (inside,outside) 195.1xx.2xx.245 192.168.30.5 netmask 255.255.255.255
static (outside,inside) 192.168.30.2 195.1xx.2xx.244 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 195.1xx.2xx.241 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http p_Inside-PC-LAN_0.30 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map0 1
crypto map outside_map0 1 set peer 81
crypto map outside_map0 1
crypto map outside_map0 2 match address outside_cryptomap_1
crypto map outside_map0 2 set peer 92
crypto map outside_map0 2
crypto map outside_map0 interface outside
crypto ca server
shutdown
smtp from-address admin@gatway1.null
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet p_Inside-PC-LAN_0.30 255.255.255.0 inside
telnet timeout 5
ssh p_Inside-PC-LAN_0.30 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 192.168.30.2 interface inside
!
vpnclient server 192.168.4.0
vpnclient mode client-mode
vpnclient vpngroup VPN_User password ********
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
tftp-server inside 192.168.30.8 CiscoTFTP
webvpn

[mels]

tunnel-group mVPN type ipsec-l2l
tunnel-group mVPN general-attributes
tunnel-group mVPN ipsec-attributes
pre-shared-key *
tunnel-group 92.ype ipsec-l2l
tunnel-group 92. ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp

[mels]

Falsch

[mels]

Hallo Leute! Wollte Nur bescheid geben das jetzt alles Funktioniert!
Das Problem war der Router vom Provider der nicht ganz richtig Funktioniert!

Vielen dank für die Hilfe!

lg
Jörg

[thematrix]

Mr Wordo hilft