- ASA outside = 209.165.200.226/28
- DMZ Web server = 192.168.2.254
- PC1 = 10.10.10.100
- PC3 = 172.16.3.100
- XP = 172.16.3.10
- The outside XP network should route via the default route 0.0.0.0 0.0.0.0 172.16.3.1
ASA
# route outside 0.0.0.0 0.0.0.0 209.165.200.225 1
Now the ASA can ping PC3.
Ping PC3 from PC1
ASA
# object network inside-net
# subnet 10.10.10.0 255.255.255.0
# nat (inside,outside) dynamic interface
# class-map inspection_default
# match default-inspection-traffic
# policy-map global_policy
# class inspection_default
# inspect icmp
# service-policy global_policy global
Now PC1 is able to ping PC3.
--------------------------------------------
Configure the XP user to connect to the web server in the DMZ
# object network dmz-server
# host 192.168.2.254
# nat (dmz,outside) static 209.165.200.227
# access-list OUTSIDE-DMZ extended permit ip any host 192.168.2.254
# access-group OUTSIDE-DMZ in interface outside
The XP user can now ping the web server and browse to http://209.165.200.227.
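The OUTSIDE-DMZ entry above permits every IP protocol from any source to the web server, which is more than the ping and HTTP access being tested. The following check is an added example, not part of the original post: it flags permit entries bound inbound on the outside interface that allow all IP, or TCP/UDP with no port. TIGHT_CONFIG and the function name broad_permits are assumptions constructed for illustration.

```python
import re

# ACL lines copied from the post.
POST_CONFIG = """\
# access-list OUTSIDE-DMZ extended permit ip any host 192.168.2.254
# access-group OUTSIDE-DMZ in interface outside
"""

# Constructed alternative (assumption, not from the post): only HTTP and
# ICMP echo are allowed in, matching the two things the post tests.
TIGHT_CONFIG = """\
# access-list OUTSIDE-DMZ extended permit tcp any host 192.168.2.254 eq www
# access-list OUTSIDE-DMZ extended permit icmp any host 192.168.2.254 echo
# access-group OUTSIDE-DMZ in interface outside
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+(?:line\s+\d+\s+)?extended\s+permit\s+(\S+)\s+(.+)$")
GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
PORT_OP = re.compile(r"\b(?:eq|neq|gt|lt|range)\b")


def broad_permits(config, interface="outside"):
    """Return permit entries applied inbound on `interface` that allow every
    IP protocol, or TCP/UDP with no port operator."""
    # Drop the "# " prompt marker the post puts in front of each command.
    lines = [ln.strip().lstrip("#").strip() for ln in config.splitlines()]
    bound = set()
    for ln in lines:
        g = GROUP.match(ln)
        if g and g.group(2) == interface:
            bound.add(g.group(1))
    findings = []
    for ln in lines:
        a = ACE.match(ln)
        if not a or a.group(1) not in bound:
            continue
        proto, rest = a.group(2), a.group(3)
        if proto == "ip" or (proto in ("tcp", "udp") and not PORT_OP.search(rest)):
            findings.append(ln)
    return findings


if __name__ == "__main__":
    for name, cfg in (("post", POST_CONFIG), ("tight", TIGHT_CONFIG)):
        print(name, broad_permits(cfg))
```

An ACL that is not applied with access-group, such as TEST in the bonus tip, is not reported because it filters no interface traffic.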
---------------
If you want to ping PC3 from the DMZ:
# object network dmz-net
# subnet 192.168.2.0 255.255.255.0
# nat (dmz,outside) dynamic interface
BONUS TIP!
# access-list TEST line 3 extended permit tcp any host 192.168.2.254 eq telnet
Add an IP address to block or allow, together with a port.