
Cisco ASA-5515 port 443 not reachable!



Hi everyone!

ASA-5515

I'm simply stuck!

Port 25 is reachable but port 443 is not; I have tried everything by now!

But now I don't know what else to do!

I'm grateful for any tip!

I'll post the config here:


ASA Version 8.6(1)2 

interface GigabitEthernet0/0
 nameif outsite
 security-level 0
 ip address 2x.x.x.x 255.255.255.248 

interface GigabitEthernet0/1
 nameif inside
 security-level 50
 ip address 10.134.1.254 255.255.0.0 

boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name St
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Firewall-B
 host 8x.x.x.x
object network Site-A-St-Net
 subnet 10.134.0.0 255.255.0.0
object network Site-B-B-Net
 subnet 192.168.104.0 255.255.255.0
object network St_Intern_10.134.0.0_24
 subnet 10.134.0.0 255.255.0.0
object network VPN_NETZ_192.168.200.0_24
 subnet 192.168.200.0 255.255.255.0
object network B-VPN-Net
 subnet 192.168.110.0 255.255.255.0
object network OBJ_GENERIC_ALL
 subnet 0.0.0.0 0.0.0.0
object network internal
 subnet 10.134.0.0 255.255.255.0
object network Mailserver
 host 10.134.1.50
object service Mail_TCP_SRC_25
 service tcp source eq smtp 
object service https_443
 service tcp source eq https destination range 1 65535 
object network VMWareServer
 host 10.134.1.71
object service VMWare_8443
 service tcp source eq 8443 
object service 53
 service tcp source eq domain 
object-group network DM_INLINE_NETWORK_1
 network-object object B-VPN-Net
 network-object object Site-B-B-Net
object-group network DM_INLINE_NETWORK_2
 network-object object B-VPN-Net
 network-object object Site-B-B-Net
 network-object object VPN_NETZ_192.168.200.0_24
object-group icmp-type DM_INLINE_ICMP_1
 icmp-object echo-reply
 icmp-object source-quench
 icmp-object time-exceeded
 icmp-object unreachable
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object udp
 protocol-object tcp
object-group network DM_INLINE_NETWORK_3
 network-object object B-VPN-Net
 network-object object Site-B-B-Net
 network-object object VPN_NETZ_192.168.200.0_24
object-group network DM_INLINE_NETWORK_4
 network-object object B-VPN-Net
 network-object object Site-B-B-Net
 network-object object VPN_NETZ_192.168.200.0_24
object-group service https_443_neu tcp
 port-object eq https
access-list outsite_cryptomap extended permit ip object Site-A-St-Net object-group DM_INLINE_NETWORK_1 
access-list outsite_cryptomap extended permit ip 192.168.200.0 255.255.255.0 object-group DM_INLINE_NETWORK_1 
access-list VPN-User_splitTunnelAcl standard permit 192.168.104.0 255.255.255.0 
access-list VPN-User_splitTunnelAcl standard permit 10.134.0.0 255.255.0.0 
access-list inside_access_in extended permit ip 10.134.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_2 
access-list inside_access_in extended permit icmp 10.134.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_4 
access-list inside_access_in extended permit ip any any 
access-list inside_access_in extended permit icmp any any 
access-list inside_access_in extended deny ip any any inactive 
access-list outsite_access_in extended permit ip object VPN_NETZ_192.168.200.0_24 10.134.0.0 255.255.0.0 
access-list outsite_access_in extended permit ip object Site-A-St-Net object-group DM_INLINE_NETWORK_3 
access-list outsite_access_in extended permit tcp any object Mailserver eq smtp 
access-list outsite_access_in extended permit tcp any object Mailserver eq https 
access-list outsite_access_in extended permit tcp any object Mailserver eq www 
access-list outsite_access_in extended permit object Mail_TCP_SRC_25 any object Mailserver 
access-list outsite_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1 
access-list outsite_access_in extended permit object-group DM_INLINE_PROTOCOL_2 object Firewall-B 2x.x.x.x 255.255.255.248 
pager lines 24
logging enable
logging asdm informational
mtu outsite 1492
mtu inside 1500
mtu management 1500
ip local pool VPN-Pool 192.168.200.0-192.168.200.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
nat (inside,outsite) source static Mailserver interface service Mail_TCP_SRC_25 Mail_TCP_SRC_25
nat (inside,outsite) source static Mailserver interface service 53 53
nat (inside,outsite) source static Mailserver interface service https_443 https_443
nat (inside,outsite) source static Site-A-St-Net Site-A-St-Net destination static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 no-proxy-arp route-lookup
nat (inside,outsite) source static Site-A-St-Net Site-A-St-Net destination static Site-B-B-Net Site-B-B-Net no-proxy-arp route-lookup
nat (outsite,inside) source static Site-B-B-Net Site-B-B-Net destination static Site-A-St-Net Site-A-St-Net no-proxy-arp route-lookup
nat (inside,outsite) source static St_Intern_10.134.0.0_24 St_Intern_10.134.0.0_24 destination static VPN_NETZ_192.168.200.0_24 VPN_NETZ_192.168.200.0_24 no-proxy-arp route-lookup
nat (outsite,inside) source static VPN_NETZ_192.168.200.0_24 VPN_NETZ_192.168.200.0_24 destination static St_Intern_10.134.0.0_24 St_Intern_10.134.0.0_24 no-proxy-arp route-lookup
nat (outsite,outsite) source static B-VPN-Net B-VPN-Net
nat (outsite,outsite) source static St_Intern_10.134.0.0_24 St_Intern_10.134.0.0_24

object network OBJ_GENERIC_ALL
 nat (inside,outsite) dynamic interface

nat (management,outsite) after-auto source dynamic any interface
access-group outsite_access_in in interface outsite
access-group inside_access_in in interface inside
route outsite 0.0.0.0 0.0.0.0 2x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
aaa authentication telnet console LOCAL 

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption des-sha1
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
  inspect ip-options 

Many thanks in advance!

Best regards

Jörg
