Hello List, a easy Cisco question.

bill at kruchas.com bill at kruchas.com
Mon Jul 11 20:23:02 UTC 2011



   Hello,

       I believe I have setup the appropriate access-lists, even have
   created it both ways in case I have the inside and outside reversed.

       The packet trace always drops through and hits the implicit rule
   which is deny everything. No matter how I have the access list setup. I
   have tried it several ways, and also included the nat exclude
   statement, but the current config doesn't have that listed anymore as I
   wanted to try to keep the config as clean as I can, but if the exclude
   is needed I can certainly add it. But none on the examples used it.



   -------- Original Message --------
   Subject: Re: Hello List, a easy Cisco question.
   From: James Laszko <[1]jamesl at mythostech.com>
   Date: Mon, July 11, 2011 1:02 pm
   To: "[2]bill at kruchas.com" <[3]bill at kruchas.com>
   Have you setup the appropriate access rule along with the NAT?
   The packet trace button is useful in testing as well...
   Regards,
   James Laszko
   Mythos Technology Inc
   [4]Jamesl at mythostech.com
   ----- Original Message -----
   From: [5]bill at kruchas.com [[6]mailto:bill at kruchas.com]
   Sent: Monday, July 11, 2011 12:33 PM
   To: nanog <[7]nanog at nanog.org>
   Subject: Hello List, a easy Cisco question.
   Hello,
   I am not a heads down network guy, but I have setup a few
   firewalls, and have got them to do what I wanted, "eventually". But
   mostly through reading and trial and error.
   I am struggling with this one, but I think I know the answer, but
   want to verify it with some experts.
   We have a cisco asa 5505, with an internet connection with only one
   useable ip address (subnet 255.255.255.252). We/they have had a nat
   setup for outgoing connections for some time, but I have been trying to
   get a new inbound connection going for terminal services to a specific
   host on tcp port 3389. I'm using "ASDM" but checking the config file
   and it's building the correct static statement, and access lists (I
   think anyway). But It doesn't work, and doesn't give a real good
   definative log message. I was wondering if possibly the fact that nat
   is using the one ip address, if that precludes the static mapping from
   working.
   I've read several step by steps, and again had this working several
   other places, but always with more ip's. If having just one ip isn't
   the isssue, is there any other issues I should be looking for.
   I'd appreciate any insight you might share.
   Thanks in advance

References

   1. mailto:jamesl at mythostech.com
   2. mailto:bill at kruchas.com
   3. mailto:bill at kruchas.com
   4. mailto:Jamesl at mythostech.com
   5. mailto:bill at kruchas.com
   6. mailto:bill at kruchas.com
   7. mailto:nanog at nanog.org



More information about the NANOG mailing list