Cisco ASA5510 config issues

Hi

I have a very basic ASA5510 config that I cannot get working. Simply put, there is a public IP that forwards to two individual SFTP servers located on separate ASA NICs. Port traffic is only passed on ports 745 and 746, 745 to server 1 and 746 to server 2. That's it, simple huh.

Problem is that I can't get anything to forward. I can direct connect to the servers so I know they are ok. I can see ASDM activity with the connection attempt and nothing is denied.

Any clues anyone? I'm not a Cisco expert and am now in the pooh

cheers Malcom

asdm image disk0:/asdm-508.bin
no asdm history enable
: Saved
:
ASA Version 7.0(8)
!
hostname Wactive-ASA
domain-name xxxxxxx.com.au
enable password xxxxxxx encrypted
passwd xxxxxxx encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif Public
 security-level 0
 ip address xxxxxx 255.255.255.248
!
interface Ethernet0/1
 nameif System-#1
 security-level 100
 ip address xxxxx 255.255.255.0
!
interface Ethernet0/2
 nameif System-#2
 security-level 100
 ip address xxxxx 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
access-list SFTP#2_access_in extended permit ip any any
access-list Public_access_in remark Public to SFTP#1
access-list Public_access_in extended permit tcp any interface System-#1 eq 745
access-list Public_access_in remark Public to SFTP#2
access-list Public_access_in extended permit tcp any interface System-#2 eq 746
access-list Public_access_in remark pings to system #1
access-list Public_access_in extended permit icmp any interface System-#1
access-list Public_access_in remark pings to system #2
access-list Public_access_in extended permit icmp any interface System-#2
access-list Public_access_in extended deny tcp any any
access-list System-#1_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu Public 1500
mtu System-#1 1500
mtu System-#2 1500
mtu management 1500
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (Public) 1 interface
nat (management) 0 0.0.0.0 0.0.0.0
static (System-#1,Public) tcp interface 745 192.168.200.2 745 netmask 255.255.255.255
static (System-#2,Public) tcp interface 746 192.168.201.2 746 netmask 255.255.255.255
access-group Public_access_in in interface Public
access-group System-#1_access_in in interface System-#1
access-group SFTP#2_access_in in interface System-#2
route Public 0.0.0.0 0.0.0.0 172.16.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username Engineering password xxxxx encrypted privilege 15
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address xxxxxxx management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
ntp server 203.80.162.195 source Public
ntp server 120.250.37.2 source Public
Cryptochecksum:9d4ddb8a75eea4215803e857994154c4
: end
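Added example, not part of the original post: a small Python check that cross-references each interface static PAT entry with the access-list bound inbound on its mapped interface and reports which rule the forwarded port would hit. It assumes pre-8.3 ASA behaviour, where the inbound ACL is matched against the mapped (translated) destination address; `check_static_pat` and the regexes are hypothetical helpers that only understand the rule shapes used in the posted config.

```python
import re

# Constructed sample: the static PAT, access-list and access-group lines
# copied from the posted config (nothing else is assumed).
SAMPLE = """\
access-list Public_access_in extended permit tcp any interface System-#1 eq 745
access-list Public_access_in extended permit tcp any interface System-#2 eq 746
access-list Public_access_in extended deny tcp any any
static (System-#1,Public) tcp interface 745 192.168.200.2 745 netmask 255.255.255.255
static (System-#2,Public) tcp interface 746 192.168.201.2 746 netmask 255.255.255.255
access-group Public_access_in in interface Public
"""

STATIC = re.compile(r"^static \((\S+),(\S+)\) (tcp|udp) interface (\d+) (\S+) (\d+)")
ACE = re.compile(r"^access-list (\S+) extended (permit|deny) (\S+) any "
                 r"(any|interface (\S+))(?: eq (\d+))?$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")

def check_static_pat(config):
    """Return (mapped_interface, mapped_port, verdict) per interface static PAT."""
    statics, aces, bound = [], {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            statics.append((m[2], m[3], m[4]))   # mapped interface, protocol, mapped port
        elif m := ACE.match(line):
            aces.setdefault(m[1], []).append((m[2], m[3], m[5], m[6]))
        elif m := GROUP.match(line):
            bound[m[2]] = m[1]                   # interface -> inbound ACL name
    results = []
    for mapped_if, proto, port in statics:
        verdict = "implicit deny"                # no matching rule at all
        for action, ace_proto, dst_if, ace_port in aces.get(bound.get(mapped_if), []):
            # Assumption (pre-8.3): the destination seen by the ACL is the mapped
            # interface's own address, so "interface X" only matches when X is it.
            if (ace_proto in (proto, "ip") and dst_if in (None, mapped_if)
                    and ace_port in (None, port)):
                verdict = action                 # first match wins
                break
        results.append((mapped_if, port, verdict))
    return results

if __name__ == "__main__":
    for row in check_static_pat(SAMPLE):
        print(row)
```

On the posted rules, both forwarded ports fall through to `deny tcp any any`, because the permit lines name `interface System-#1` and `interface System-#2` while the translated destination is the Public interface address.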
