Hello List, a easy Cisco question.
bill at kruchas.com
bill at kruchas.com
Mon Jul 11 20:23:02 UTC 2011
Hello,
I believe I have setup the appropriate access-lists, even have
created it both ways in case I have the inside and outside reversed.
The packet trace always drops through and hits the implicit rule
which is deny everything. No matter how I have the access list setup. I
have tried it several ways, and also included the nat exclude
statement, but the current config doesn't have that listed anymore as I
wanted to try to keep the config as clean as I can, but if the exclude
is needed I can certainly add it. But none on the examples used it.
-------- Original Message --------
Subject: Re: Hello List, a easy Cisco question.
From: James Laszko <[1]jamesl at mythostech.com>
Date: Mon, July 11, 2011 1:02 pm
To: "[2]bill at kruchas.com" <[3]bill at kruchas.com>
Have you setup the appropriate access rule along with the NAT?
The packet trace button is useful in testing as well...
Regards,
James Laszko
Mythos Technology Inc
[4]Jamesl at mythostech.com
----- Original Message -----
From: [5]bill at kruchas.com [[6]mailto:bill at kruchas.com]
Sent: Monday, July 11, 2011 12:33 PM
To: nanog <[7]nanog at nanog.org>
Subject: Hello List, a easy Cisco question.
Hello,
I am not a heads down network guy, but I have setup a few
firewalls, and have got them to do what I wanted, "eventually". But
mostly through reading and trial and error.
I am struggling with this one, but I think I know the answer, but
want to verify it with some experts.
We have a cisco asa 5505, with an internet connection with only one
useable ip address (subnet 255.255.255.252). We/they have had a nat
setup for outgoing connections for some time, but I have been trying to
get a new inbound connection going for terminal services to a specific
host on tcp port 3389. I'm using "ASDM" but checking the config file
and it's building the correct static statement, and access lists (I
think anyway). But It doesn't work, and doesn't give a real good
definative log message. I was wondering if possibly the fact that nat
is using the one ip address, if that precludes the static mapping from
working.
I've read several step by steps, and again had this working several
other places, but always with more ip's. If having just one ip isn't
the isssue, is there any other issues I should be looking for.
I'd appreciate any insight you might share.
Thanks in advance
References
1. mailto:jamesl at mythostech.com
2. mailto:bill at kruchas.com
3. mailto:bill at kruchas.com
4. mailto:Jamesl at mythostech.com
5. mailto:bill at kruchas.com
6. mailto:bill at kruchas.com
7. mailto:nanog at nanog.org
More information about the NANOG
mailing list