klipsch

Speedtouch router mit ASA 5505 probleme

Brauche Hilfe mit der Konfiguration der ASA und des Routers. Einiges habe ich schon konfiguriert, es will aber trotzdem nicht.

Hallo erst mal bin neu hier im Forum.

muss noch dazu sagen habe mir die anderen Beiträge schon aufmerksam gelesen bin aber auf keinen grünen Zweig gekommen also bitte könnt ihr euch meine conf mal ansehen.

Also, ich konfiguriere die ASA über Tutty. Von der ASA aus kann ich über das OUTSIDE-Interface den Router (10.0.0.138) pingen, vom INSIDE allerdings wieder nicht. Warum?

Also mein Problem ist besser gesagt ich weiß nicht ob das überhaupt funkt und zwar habe ich einen Speedtouch Router (
Aktuelle conf des Speedtouch routers:

[ language.ini ]
config language=de

[ script.ini ]
add name=autopvc_add_qos index=0 command="qosbook add name _auto_$1_$2 class $3 tx_peakrate $4 tx_sustrate $5 tx_maxburst $6 rx_peakrate $4 rx_sustrate $5 rx_maxburst $6 dynamic yes"
add name=autopvc_delete_qos index=0 command="qosbook delete name _auto_$1_$2"
add name=autopvc_add_bridge index=0 command="qosbook add name _auto_$1_$2 class $3 tx_peakrate $4 tx_sustrate $5 tx_maxburst $6 rx_peakrate $4 rx_sustrate $5 rx_maxburst $6 dynamic yes"
add name=autopvc_add_bridge index=1 command="phonebook add name _auto_$1_$2 addr $1.$2 type any dynamic yes"
add name=autopvc_add_bridge index=2 command="bridge ifadd intf _auto_$1_$2 dest _auto_$1_$2"
add name=autopvc_add_bridge index=3 command="bridge ifconfig intf _auto_$1_$2 qos _auto_$1_$2"
add name=autopvc_add_bridge index=4 command="bridge ifattach intf _auto_$1_$2"
add name=autopvc_delete_bridge index=0 command="bridge ifdetach intf _auto_$1_$2"
add name=autopvc_delete_bridge index=1 command="bridge ifdelete intf _auto_$1_$2"
add name=autopvc_delete_bridge index=2 command="phonebook delete name _auto_$1_$2"
add name=autopvc_delete_bridge index=3 command="qosbook delete name _auto_$1_$2"
add name=autopvc_add_pppoerelay index=0 command="qosbook add name _auto_$1_$2 class $3 tx_peakrate $4 tx_sustrate $5 tx_maxburst $6 rx_peakrate $4 rx_sustrate $5 rx_maxburst $6 dynamic yes"
add name=autopvc_add_pppoerelay index=1 command="phonebook add name _auto_$1_$2 addr $1.$2 type any dynamic yes"
add name=autopvc_add_pppoerelay index=2 command="ethoa ifadd intf _auto_$1_$2 dest _auto_$1_$2"
add name=autopvc_add_pppoerelay index=3 command="ethoa ifconfig intf _auto_$1_$2 qos _auto_$1_$2"
add name=autopvc_add_pppoerelay index=4 command="ethoa ifattach intf _auto_$1_$2"
add name=autopvc_add_pppoerelay index=5 command="ip ifwait intf _auto_$1_$2 timeout 15 adminstatus up"
add name=autopvc_add_pppoerelay index=6 command="pppoe relay add port _auto_$1_$2"
add name=autopvc_delete_pppoerelay index=0 command="pppoe relay delete port _auto_$1_$2"
add name=autopvc_delete_pppoerelay index=1 command="ethoa ifdetach intf _auto_$1_$2"
add name=autopvc_delete_pppoerelay index=2 command="ethoa ifdelete intf _auto_$1_$2"
add name=autopvc_delete_pppoerelay index=3 command="phonebook delete name _auto_$1_$2"
add name=autopvc_delete_pppoerelay index=4 command="qosbook delete name _auto_$1_$2"
add name=autopvc_change_qos index=0 command="$$1 ifdetach intf $2"
add name=autopvc_change_qos index=1 command="$$1 ifconfig intf $2 qos $3"
add name=autopvc_change_qos index=2 command="$$1 ifattach intf $2"
add name=autopvc_change_qos_pppoerelay index=0 command="ethoa ifdetach intf $1"
add name=autopvc_change_qos_pppoerelay index=1 command="ethoa ifconfig intf $1 qos $2"
add name=autopvc_change_qos_pppoerelay index=2 command="ethoa ifattach intf $1"
add name=autopvc_change_qos_pppoerelay index=3 command="pppoe relay add port $1"
add name=autopvc_change_qos_pppoeethoa index=0 command="ethoa ifdetach intf $1"
add name=autopvc_change_qos_pppoeethoa index=1 command="ethoa ifconfig intf $1 qos $2"
add name=autopvc_change_qos_pppoeethoa index=2 command="ethoa ifattach intf $1"
add name=autopvc_change_qos_pppoeethoa index=3 command="pppoe ifattach intf $3"
add name=autopvc_change_qos_pppoa index=0 command="pppoa ifdetach intf $1"
add name=autopvc_change_qos_pppoa index=1 command="ip ifwait intf $1 timeout 5 adminstatus down"
add name=autopvc_change_qos_pppoa index=2 command="pppoa ifconfig intf $1 qos $2"
add name=autopvc_change_qos_pppoa index=3 command="pppoa ifattach intf $1"

[ env.ini ]
set var=CONF_REGION value=Austria
set var=CONF_PROVIDER value="Internet Service Provider"
set var=CONF_DESCRIPTION value=Austria
set var=CONF_SERVICE value="Broadband Network Address Translation (NAT)"
set var=CONF_DATE value="An der Konfiguration wurden manuell Änderungen vorgenommen."
set var=CONF_VERSION value=0.1
set var=HOST_SETUP value=none
set var=ST_LAN_IP_ADDR value=10.0.0.138
set var=ST_LAN_NET_MASK value=255.255.255.0
set var=COLUMNS value=80
set var=ROWS value=24
set var=SESSIONTIMEOUT value=120
set var=CONF_TPVERSION value=1.2.0

[ wizard.ini ]
config allow_factory_tpl=no trace=yes autopopup=no

[ snmp.ini ]
config RWCommunity=_DEV_89D368DC494085B5 ROCommunity=_DEV_EDA575EEFFBCA87B sysContact="Internet Service Provider" sysName="Speedtouch 510" sysLocation=Austria

[ phone.ini ]
add name=Br1 addr=8*35 type=ethoa
add name=Br2 addr=8*36 type=ethoa
add name=Br3 addr=8*37 type=ethoa
add name=Br4 addr=8*38 type=ethoa
add name=DIALUP_PPP1 addr=8*48 type=pppoa
add name=RELAY_PPP2 addr=8*49 type=pppoa
add name=RELAY_PPP3 addr=8*50 type=pppoa
add name=RELAY_PPP4 addr=8*51 type=pppoa

[ ipqos.ini ]
config dest=Br1 realtimerate=100
config dest=Br2 realtimerate=100
config dest=Br3 realtimerate=100
config dest=Br4 realtimerate=100
config dest=DIALUP_PPP1 realtimerate=100
config dest=RELAY_PPP2 realtimerate=100
config dest=RELAY_PPP3 realtimerate=100
config dest=RELAY_PPP4 realtimerate=100
queue config dest=Br1 queue=0
queue config dest=Br1 queue=1
queue config dest=Br1 queue=2
queue config dest=Br1 queue=3
queue config dest=Br2 queue=0
queue config dest=Br2 queue=1
queue config dest=Br2 queue=2
queue config dest=Br2 queue=3
queue config dest=Br3 queue=0
queue config dest=Br3 queue=1
queue config dest=Br3 queue=2
queue config dest=Br3 queue=3
queue config dest=Br4 queue=0
queue config dest=Br4 queue=1
queue config dest=Br4 queue=2
queue config dest=Br4 queue=3
queue config dest=DIALUP_PPP1 queue=0
queue config dest=DIALUP_PPP1 queue=1
queue config dest=DIALUP_PPP1 queue=2
queue config dest=DIALUP_PPP1 queue=3
queue config dest=RELAY_PPP2 queue=0
queue config dest=RELAY_PPP2 queue=1
queue config dest=RELAY_PPP2 queue=2
queue config dest=RELAY_PPP2 queue=3
queue config dest=RELAY_PPP3 queue=0
queue config dest=RELAY_PPP3 queue=1
queue config dest=RELAY_PPP3 queue=2
queue config dest=RELAY_PPP3 queue=3
queue config dest=RELAY_PPP4 queue=0
queue config dest=RELAY_PPP4 queue=1
queue config dest=RELAY_PPP4 queue=2
queue config dest=RELAY_PPP4 queue=3

[ qos.ini ]
config format=bytes
add name=default class=ubr

[ oam.ini ]
config clp=1 loopbackid=6a6a6a6a6a6a6a6a6a6a6a6a6a6a6a6a
mode port=dsl0 blocking=enabled
mode port=dsl1 blocking=enabled
mode port=atm2 blocking=enabled
mode port=atm3 blocking=enabled
mode port=aal5 blocking=enabled
mode port=atm5 blocking=enabled

[ pfirewall.ini ]
chain create chain=source
chain create chain=forward
chain create chain=sink
rule create chain=source index=0 dstintfgrp=!wan action=accept
rule create chain=source index=1 prot=udp dstport=dns action=accept
rule create chain=source index=2 prot=udp dstport=bootps action=accept
rule create chain=source index=3 action=drop
rule create chain=forward index=0 srcintfgrp=wan dstintfgrp=wan action=drop
rule create chain=sink index=0 srcintfgrp=!wan action=accept
rule create chain=sink index=1 prot=udp dstport=dns action=accept
rule create chain=sink index=2 prot=udp dstport=bootpc action=accept
rule create chain=sink index=3 action=drop
assign hook=sink chain=sink
assign hook=forward chain=forward
assign hook=source chain=source

[ label.ini ]
add name=BestEffort
add name=HighPriority
add name=MediumPriority
add name=RealTime
config name=BestEffort classification=increase defclass=4 ackclass=4
config name=HighPriority classification=increase defclass=10 ackclass=10
config name=MediumPriority classification=increase defclass=6 ackclass=6
config name=RealTime classification=increase defclass=14 ackclass=14
chain create chain=user_labels

[ bridge.ini ]
ifadd intf=Br1 dest=Br1
ifconfig intf=Br1
ifattach intf=Br1
ifadd intf=Br2 dest=Br2
ifconfig intf=Br2
ifattach intf=Br2
ifadd intf=Br3 dest=Br3
ifconfig intf=Br3
ifattach intf=Br3
ifadd intf=Br4 dest=Br4
ifconfig intf=Br4
ifattach intf=Br4
config age=300 filter=no_WAN_broadcast

[ pptp.ini ]
profadd name=default

[ ethoa.ini ]

[ ipoa.ini ]

[ cip.ini ]

[ pppoerelay.ini ]
add port=eth0

[ dhcp.ini ]
config autodhcp=on scantime=20 state=disabled trace=off
policy verifyfirst=off trustclient=on

[ pppoa.ini ]
ifadd intf=pppoa_DIALUP_PPP1
rtadd intf=pppoa_DIALUP_PPP1 dst=0.0.0.0/0 src=10.0.0.140/24 metric=1
ifconfig intf=pppoa_DIALUP_PPP1 dest=DIALUP_PPP1 accomp=on dnsmetric=0 idle=15 addrtrans=pat
ifconfig intf=pppoa_DIALUP_PPP1 user=2908041000 password=_DEV_14EA6D11F60E5A23 status=up

[ pppoe.ini ]

[ ip.ini ]
config forwarding=on firewalling=on redirects=on sourcerouting=off netbroadcasts=off ttl=64 fraglimit=64 defragmode=always addrcheck=dynamic mssclamping=on
apadd addr=10.0.0.138/24 intf=eth0 addroute=no
ifconfig intf=loop mtu=1500 group=local linksensing=off
ifconfig intf=eth0 mtu=1500 group=lan linksensing=off
ifconfig intf=pppoa_DIALUP_PPP1 mtu=1500 group=wan linksensing=off
rtadd dst=224.0.0.0/4 intf=eth0
rtadd dst=0.0.0.0/0 intf=eth0 metric=70

[ autoip.ini ]

[ eth.ini ]
ifconfig intf=1 type=auto
config intf=1 state=enabled

[ diagnostics.ini ]
config pingtimeout=1000 pingpacketsize=20

[ dnsc.ini ]
config qrytout=5 interval=10 qryretry=3 attempt=-1 search=on connection=permanent
add addr=127.0.0.1 port=53

[ dnsd.ini ]
domain domain=lan
start
troff

[ dhcr.ini ]
ifconfig intf=eth0 relay=on
add addr=127.0.0.1 intf=eth0 giaddr=10.0.0.138

[ dhcc.ini ]
config trace=off

[ adslpots.ini ]
config opermode=multimode maxbitspertoneUS=13 trace=off modemoption=10000000000000000000000000000000

[ nat.ini ]
bind application=ESP port=1
bind application=FTP port=ftp
bind application=GRE port=1
bind application=H323 port=h323
bind application=IKE port=ike
bind application=ILS port=ldap
bind application=ILS port=ils
bind application=IRC port=irc-u
bind application=PPTP port=1723
bind application=RAUDIO(PNA) port=realaudio
bind application=RTSP port=rtsp

[ autopvc.ini ]
config mode=active type=bridge opmode=partial overwrite=disabled peakrate=0

[ system.ini ]
setpassword userid=administrator password=_CYP_r97ZrSts2xiEM hash2=2c75c3a5ec81f7ae6208e619a63dba96
config upnp=disabled mdap=enabled drst=disabled
config dcache=enabled

[ upnp.ini ]
config maxage=1800 writemode=full safenat=disabled

[ endofarch ]
)

so wenn ich mich jetzt direkt nach dem Router rein hänge und meine IP: 10.0.0.6, Subnet: 255.255.255.0, Standardgateway: 10.0.0.138 (Router), DNS: 10.0.0.138 (Router)

kann ich ins internet also google.at pingen.
so jetzt habe ich die ASA gleich danach angeschlossen und so configuriert:
( aktuelle conf der ASA:
! Cisco ASA running configuration as posted (software 7.2(4)).
! The enable and login passwords appear as "*", i.e. they were masked before posting.
! Lines starting with "! NOTE(review)" are review annotations; no configuration line is changed.
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name lan
enable password * encrypted
passwd * encrypted
names
!
! Inside network (security-level 100).
! NOTE(review): 11.0.0.0/24 is not RFC 1918 private address space; a private
! range is the usual choice for an internal network behind PAT.
interface Vlan1
nameif inside
security-level 100
ip address 11.0.0.1 255.255.255.0
ospf cost 10
!
! Outside network (security-level 0), same subnet as the Speedtouch router 10.0.0.138.
interface Vlan2
nameif outside
security-level 0
ip address 10.0.0.1 255.255.255.0
ospf cost 10
!
! Only Ethernet0/0 is assigned to VLAN 2 (outside); the other ports carry no
! explicit switchport assignment in this listing.
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 10.0.0.138
domain-name lan
same-security-traffic permit intra-interface
! NOTE(review): outside_in is defined, but no access-group line in this
! configuration binds it to an interface.
access-list outside_in extended permit icmp any any
! NOTE(review): outside_access_in admits any IP traffic and is applied inbound
! on the outside interface by the access-group line further down. Restrict it
! to the traffic that is actually required.
access-list outside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool word 11.0.0.5-11.0.0.200
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
! Dynamic PAT: every inside source address is translated to the outside interface address.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
! NOTE(review): this default route uses the inside interface with the ASA's own
! inside address (11.0.0.1) as next hop. The post gives the router as
! 10.0.0.138 on the outside network, so a default route via outside to that
! address is presumably what was intended — confirm.
route inside 0.0.0.0 0.0.0.0 11.0.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
! HTTPS/ASDM management is enabled and allowed from the inside interface.
! NOTE(review): the /24 entry already covers 11.0.0.8, so the host entry adds
! no restriction; keep only the host entry if management should be limited to
! one workstation.
http server enable
http 11.0.0.8 255.255.255.255 inside
http 11.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
! NOTE(review): a console timeout of 0 means console sessions never time out.
console timeout 0
dhcpd auto_config outside
!

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
! NOTE(review): the inspection list below has no ICMP entry, so ICMP is not
! inspected statefully; echo replies returning through the outside interface
! then depend on the interface ACL rather than on connection state — confirm
! against the platform documentation.
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:5ac50928ed6d452ab75c15456b11ac07
: end
ciscoasa(config)#
)
So, jetzt schließe ich meinen PC auch noch an der ASA an und stelle meine Einstellungen auf: IP: 11.0.0.6, Subnet: 255.255.255.0, Gateway: 11.0.0.1 (Firewall-Inside-Interface-IP), DNS: 10.0.0.138 (Router).
Jetzt kann ich aber von meinem PC aus den Router, sprich 10.0.0.138, nicht pingen. Was mache ich falsch, was habe ich vergessen? Oder funktioniert das so überhaupt? Wenn nein, was mache ich falsch? Bitte um Hilfe, bin sehr unter Zeitdruck.
Bitte

Also, wenn ich jetzt von Tutty aus vom Inside-Interface die IP des Outside-Interfaces pingen will, funktioniert das ja auch nicht. Was habe ich vergessen?

Kämpfe mich gerade schwer durch die Doku von Cisco, aber wenn mir irgendwer mal helfen könnte, damit ich mal einen Ansatz hätte, woooooooooow, das wäre so toll.

Danke für jede info!


Url: https://administrator.de/contentid/114373


Member: klipsch
klipsch Apr 24, 2009 at 20:54:40 (UTC)
kann mir wirklich niemand helfen????