Posts created by hirschcom

  1. So, here once again is my current config, everything with ports 80, 20, 21

     

    Still doesn't work!!

     

    asa01# sh run

    : Saved

    :

    ASA Version 8.0(3)

    !

    hostname asa01

    domain-name default.domain.invalid

     

    names

    !

    interface Vlan1

    nameif inside

    security-level 100

    ip address 192.168.7.1 255.255.255.0

    !

    interface Vlan2

    nameif outside

    security-level 0

    ip address dhcp setroute

    !

    interface Ethernet0/0

    switchport access vlan 2

    !

    interface Ethernet0/1

    shutdown

    !

    interface Ethernet0/2

    !

    interface Ethernet0/3

    shutdown

    !

    interface Ethernet0/4

    shutdown

    !

    interface Ethernet0/5

    shutdown

    !

    interface Ethernet0/6

    shutdown

    !

    interface Ethernet0/7

    shutdown

    !

     

    boot system disk0:/asa803-k8.bin

    ftp mode passive

    dns server-group DefaultDNS

    domain-name default.domain.invalid

    access-list outside_access_in extended permit tcp any interface outside eq www

    access-list outside_access_in extended permit tcp any interface outside eq ftp

    access-list outside_access_in extended permit tcp any interface outside eq ftp-data

    pager lines 24

    mtu inside 1500

    mtu outside 1500

    icmp unreachable rate-limit 1 burst-size 1

    asdm image disk0:/asdm-603.bin

    no asdm history enable

    arp timeout 14400

    global (outside) 1 interface

    nat (inside) 1 192.168.7.0 255.255.255.0

    static (inside,outside) tcp interface www 192.168.7.54 www netmask 255.255.255.255

    static (inside,outside) tcp interface ftp 192.168.7.253 ftp netmask 255.255.255.255

    static (inside,outside) tcp interface ftp-data 192.168.7.253 ftp-data netmask 255.255.255.255

    access-group outside_access_in in interface outside

    timeout xlate 3:00:00

    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

    timeout uauth 0:05:00 absolute

    dynamic-access-policy-record DfltAccessPolicy

    http server enable

    http 192.168.7.0 255.255.255.0 inside

    no snmp-server location

    no snmp-server contact

    snmp-server enable traps snmp authentication linkup linkdown coldstart

    telnet 192.168.7.0 255.255.255.0 inside

    telnet timeout 60

     

    console timeout 0

    dhcpd address 192.168.7.100-192.168.7.131 inside

    dhcpd auto_config outside interface inside

    dhcpd enable inside

    !

     

    threat-detection basic-threat

    threat-detection statistics access-list

    ntp server 83.125.8.21 source outside prefer

    !

    class-map inspection_default

    match default-inspection-traffic

    !

    !

    policy-map type inspect dns preset_dns_map

    parameters

    message-length maximum 512

    policy-map global_policy

    class inspection_default

    inspect dns preset_dns_map

    inspect ftp

    inspect h323 h225

    inspect h323 ras

    inspect netbios

    inspect rsh

    inspect rtsp

    inspect skinny

    inspect esmtp

    inspect sqlnet

    inspect sunrpc

    inspect tftp

    inspect sip

    inspect xdmcp

    inspect icmp

    !

    service-policy global_policy global

    prompt hostname context

    Cryptochecksum:e0ffed8fa9ca21136e1054f41082dee3

    : end

    asa01#

  2. No, still doesn't work!!

     

    Here is my config

     

    My switch is connected to Ethernet 0/2

     

     

    asa01# sh run

    : Saved

    :

    ASA Version 8.0(3)

    !

    hostname asa01

    domain-name default.domain.invalid

     

    names

    !

    interface Vlan1

    nameif inside

    security-level 100

    ip address 192.168.7.1 255.255.255.0

    !

    interface Vlan2

    nameif outside

    security-level 0

    ip address dhcp setroute

    !

    interface Ethernet0/0

    switchport access vlan 2

    !

    interface Ethernet0/1

    shutdown

    !

    interface Ethernet0/2

    !

    interface Ethernet0/3

    shutdown

    !

    interface Ethernet0/4

    shutdown

    !

    interface Ethernet0/5

    shutdown

    !

    interface Ethernet0/6

    shutdown

    !

    interface Ethernet0/7

    shutdown

    !

     

    boot system disk0:/asa803-k8.bin

    ftp mode passive

    dns server-group DefaultDNS

    domain-name default.domain.invalid

    access-list 102 extended permit tcp any interface outside eq www

    pager lines 24

    mtu inside 1500

    mtu outside 1500

    icmp unreachable rate-limit 1 burst-size 1

    asdm image disk0:/asdm-603.bin

    no asdm history enable

    arp timeout 14400

    global (outside) 1 interface

    nat (inside) 1 192.168.7.0 255.255.255.0

    static (inside,outside) tcp interface www 192.168.7.54 www netmask 255.255.255.255

    timeout xlate 3:00:00

    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

    timeout uauth 0:05:00 absolute

    dynamic-access-policy-record DfltAccessPolicy

    http server enable

    http 192.168.7.0 255.255.255.0 inside

    no snmp-server location

    no snmp-server contact

    snmp-server enable traps snmp authentication linkup linkdown coldstart

    telnet 192.168.7.0 255.255.255.0 inside

    telnet timeout 60

     

    console timeout 0

    dhcpd address 192.168.7.100-192.168.7.131 inside

    dhcpd auto_config outside interface inside

    dhcpd enable inside

    !

     

    threat-detection basic-threat

    threat-detection statistics access-list

    ntp server 83.125.8.21 source outside prefer

    !

    class-map inspection_default

    match default-inspection-traffic

    !

    !

    policy-map type inspect dns preset_dns_map

    parameters

    message-length maximum 512

    policy-map global_policy

    class inspection_default

    inspect dns preset_dns_map

    inspect ftp

    inspect h323 h225

    inspect h323 ras

    inspect netbios

    inspect rsh

    inspect rtsp

    inspect skinny

    inspect esmtp

    inspect sqlnet

    inspect sunrpc

    inspect tftp

    inspect sip

    inspect xdmcp

    inspect icmp

    !

    service-policy global_policy global

     

    : end

  3. That's what I thought too!!!

     

    Did it with ASDM, it works, but something is still missing somewhere!

     

    Sorry, I wanted to forward port 80, not FTP

     

     

    access-list 102 extended permit tcp any host 192.168.7.54 eq www

     

    static (inside,outside) tcp interface www 192.168.7.54 www netmask 255.255.255.255

    access-group 102 in interface outside

     

     

    Did I forget something or do something wrong?
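
An added example, not part of the original posts: a small Python check of whether each `static` port forward in a pre-8.3 ASA config is covered by an ACL bound inbound on the outside interface. On ASA software before 8.3 the interface ACL is evaluated against the mapped (translated) address, so a permit naming the real inside host does not match. The function name, finding labels and config excerpts (copied from the three posts) are this example's own; it checks only these three statements, not the rest of the configuration.

```python
import re

# Constructed excerpts: the relevant lines from the three posted configurations.
POST1 = """
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq ftp
access-list outside_access_in extended permit tcp any interface outside eq ftp-data
static (inside,outside) tcp interface www 192.168.7.54 www netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.7.253 ftp netmask 255.255.255.255
static (inside,outside) tcp interface ftp-data 192.168.7.253 ftp-data netmask 255.255.255.255
access-group outside_access_in in interface outside
"""
POST2 = """
access-list 102 extended permit tcp any interface outside eq www
static (inside,outside) tcp interface www 192.168.7.54 www netmask 255.255.255.255
"""
POST3 = """
access-list 102 extended permit tcp any host 192.168.7.54 eq www
static (inside,outside) tcp interface www 192.168.7.54 www netmask 255.255.255.255
access-group 102 in interface outside
"""

ACL = re.compile(r"access-list (\S+) extended permit tcp any (interface \S+|host \S+) eq (\S+)$")
STATIC = re.compile(r"static \([^,]+,(\S+)\) tcp interface (\S+) (\S+) \S+")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)$")

def audit_port_forwards(config, outside="outside"):
    """Return (port, finding) for each static PAT the inbound ACL does not cover."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    bound = [m.group(1) for m in map(GROUP.match, lines) if m and m.group(2) == outside]
    permits = [m.groups() for m in map(ACL.match, lines) if m]
    findings = []
    for m in filter(None, map(STATIC.match, lines)):
        mapped_if, port, real_ip = m.groups()
        if mapped_if != outside:
            continue
        if not bound:  # an ACL exists but is not applied to the interface
            findings.append((port, "NO_ACCESS_GROUP"))
            continue
        dests = {d for acl, d, p in permits if acl == bound[-1] and p == port}
        if f"interface {outside}" in dests:
            continue  # permit names the mapped address: consistent
        # Before 8.3 the ACL sees the mapped address, so the real IP never matches.
        findings.append((port, "ACL_USES_REAL_IP" if f"host {real_ip}" in dests
                         else "PORT_NOT_PERMITTED"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("post 1", POST1), ("post 2", POST2), ("post 3", POST3)):
        print(name, audit_port_forwards(cfg))
```

An empty result means only that the ACL, `static` and `access-group` lines agree with each other; it says nothing about routing, the server itself or upstream filtering.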
