Question

Locked

Cisco ASA 5520 config

By CCarter8
I have a configuration that only works for specific IP addresses, allowing them through the firewall. However, I am wondering how I would configure my firewall to allow DHCP-assigned addresses through it. Here is the config. Any help would be appreciated.

[ENTER OUTSIDE FIREWALL IP BELOW]
interface GigabitEthernet0/0
description Outside WAN Interface
nameif outside
security-level 0
ip address 192.168.10.1 255.255.255.0
no shut
exit
[PRESS ENTER]


[ENTER INSIDE FIREWALL IP BELOW]
interface GigabitEthernet0/1
description Inside LAN Interface
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
no shut
exit
[PRESS ENTER]


interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
exit
[PRESS ENTER]


interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
exit
[PRESS ENTER]


interface Management0/0
nameif management
security-level 100
no ip address
management-only
exit
[PRESS ENTER]


[REPLACE somepw WITH THE ENCRYPTED HASH FROM AN EXISTING CONFIG, OR DROP THE 'encrypted' KEYWORD TO SET A CLEARTEXT PASSWORD]
passwd somepw encrypted
banner login Welcome to $(hostname) All commands are subject to logging.
banner motd Welcome to $(hostname) All commands are subject to logging.
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
object-group service allowed_tcp tcp
port-object eq 80
port-object eq 443
port-object eq 8105
port-object eq 8404
exit
[PRESS ENTER]


object-group service allowed_udp udp
port-object eq 8001
exit
[PRESS ENTER]


object-group icmp-type icmp
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
exit
[PRESS ENTER]


[REMEMBER TO ENTER CORRECT OUTSIDE SUBNET W/ MASK]
access-list 101 remark -ACCESS LIST 101 APPLIED TO OUTSIDE-
access-list 101 remark -WAN to LAN-
access-list 101 remark -Allowed ICMP Pass-Thru-
access-list 101 extended permit icmp any any object-group icmp
access-list 101 remark -Deny all other INBOUND traffic (Defaulted, but reassurance)-
access-list 101 extended deny ip any any log alerts
access-list 102 remark -ACCESS LIST 102 APPLIED TO INSIDE-
access-list 102 remark -LAN to WAN-
access-list 102 extended permit tcp any 192.168.10.0 255.255.255.0 object-group allowed_tcp
access-list 102 extended permit udp any 192.168.10.0 255.255.255.0 object-group allowed_udp
access-list 102 remark -Allowed ICMP Pass-Thru-
access-list 102 extended permit icmp any any echo
access-list 102 extended permit icmp any any object-group icmp
access-list 102 remark -Deny all other OUTBOUND traffic-
access-list 102 extended deny ip any any log alerts
pager lines 10
logging enable
logging timestamp
logging console alerts
logging monitor alerts
logging asdm informational
logging queue 500
mtu outside 1500
mtu inside 1500
mtu management 1500
ip verify reverse-path interface outside
ip verify reverse-path interface inside
no failover
icmp deny any outside
icmp permit any echo inside
icmp permit any unreachable inside
icmp permit any time-exceeded inside
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
[INTERFACE NAMES ARE CASE-SENSITIVE AND MUST MATCH THE nameif ABOVE]
access-group 101 in interface outside
access-group 102 in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable


[ENTER THE ADSM MANAGEMENT HOST ADDRESS BELOW; A 255.255.255.255 MASK LIMITS HTTP/ASDM ACCESS TO THAT ONE HOST, 255.255.255.0 WOULD OPEN IT TO THE WHOLE SUBNET]
http 192.168.100.10 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp outside
sysopt noproxyarp inside
telnet timeout 1
[1024-BIT RSA IS CONSIDERED WEAK; USE modulus 2048 IF THE INSTALLED IMAGE SUPPORTS IT]
crypto key generate rsa modulus 1024


[ENTER INSIDE SUBNET W/ MASK BELOW FOR SSH ACCESS]
ssh 192.168.100.0 255.255.255.0 inside
ssh 192.168.100.0 255.255.255.0 management
ssh timeout 60
ssh version 2
console timeout 0
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect rsh
inspect rtsp
inspect sip
inspect skinny
inspect esmtp
inspect sqlnet
inspect tftp
exit
[PRESS ENTER]

exit
[PRESS ENTER]

wr m
[PRESS ENTER]

reload
[PRESS ENTER]

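An added example, not part of CCarter8's post: a small Python evaluator for ASA `access-list NAME extended ...` lines that applies first-match semantics plus the implicit deny at the end of every ASA ACL. It is useful for checking which ACE a flow will hit before a config is pasted in. The sample text below is constructed: it carries ACL 102 as posted (source `any`) and a hypothetical ACL 103 whose source is restricted to the inside /24, since a DHCP scope hands out addresses from within a subnet and cannot be matched as individual hosts. The client address 192.168.100.57 is a made-up DHCP lease.

```python
"""Minimal evaluator for Cisco ASA 'access-list NAME extended ...' lines.

Models first-match semantics and the implicit deny at the end of every
ASA ACL. Handles permit/deny, ip/tcp/udp/icmp, 'any', 'host A.B.C.D',
'A.B.C.D MASK', 'eq PORT', 'object-group NAME' (service or icmp-type
groups) and bare ICMP type names. Remarks and other lines are ignored.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Service and icmp-type object-groups, copied from the posted config.
OBJECT_GROUPS = {
    "allowed_tcp": {80, 443, 8105, 8404},
    "allowed_udp": {8001},
    "icmp": {"echo-reply", "unreachable", "time-exceeded"},
}


@dataclass
class Ace:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip", "tcp", "udp" or "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    spec: Optional[set]         # destination ports / icmp types; None = any
    line: str                   # original text, kept for reporting


def _parse_addr(tokens, i):
    """Parse 'any' | 'host A' | 'A MASK' at tokens[i]; return (network, next_index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # ASA writes dotted netmasks, which ipaddress accepts directly.
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_ace(line):
    """Return (acl_name, Ace) for an extended ACE, or None for remarks/other lines."""
    tokens = line.split()
    if len(tokens) < 7 or tokens[0] != "access-list" or tokens[2] != "extended":
        return None
    name, action, proto = tokens[1], tokens[3], tokens[4]
    src, i = _parse_addr(tokens, 5)
    dst, i = _parse_addr(tokens, i)
    spec = None
    if i < len(tokens):
        if tokens[i] == "object-group":
            spec = OBJECT_GROUPS[tokens[i + 1]]
        elif tokens[i] == "eq":
            spec = {int(tokens[i + 1])}
        elif proto == "icmp" and tokens[i] != "log":
            spec = {tokens[i]}          # e.g. a bare 'echo'
    return name, Ace(action, proto, src, dst, spec, line)


def parse_acl(text):
    """Group ACEs by ACL name, preserving order (order is what ASA evaluates)."""
    acls = {}
    for line in text.splitlines():
        parsed = parse_ace(line)
        if parsed:
            name, ace = parsed
            acls.setdefault(name, []).append(ace)
    return acls


def evaluate(aces, proto, src, dst, port_or_type=None):
    """First matching ACE wins; no match is ASA's implicit deny (line=None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in aces:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.spec is not None and port_or_type not in ace.spec:
            continue
        return ace.action, ace.line
    return "deny", None


# Constructed sample: ACL 102 as posted, plus a hypothetical ACL 103 that
# restricts the source to the inside /24 in which a DHCP scope would live.
ACL_TEXT = """\
access-list 102 remark -LAN to WAN-
access-list 102 extended permit tcp any 192.168.10.0 255.255.255.0 object-group allowed_tcp
access-list 102 extended permit udp any 192.168.10.0 255.255.255.0 object-group allowed_udp
access-list 102 extended permit icmp any any echo
access-list 102 extended permit icmp any any object-group icmp
access-list 102 extended deny ip any any log alerts
access-list 103 remark -hypothetical: only the inside DHCP subnet may leave-
access-list 103 extended permit tcp 192.168.100.0 255.255.255.0 192.168.10.0 255.255.255.0 object-group allowed_tcp
access-list 103 extended permit udp 192.168.100.0 255.255.255.0 192.168.10.0 255.255.255.0 object-group allowed_udp
access-list 103 extended deny ip any any log alerts
"""

ACLS = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # 192.168.100.57 stands in for a DHCP-leased inside host (constructed).
    for name in ("102", "103"):
        for flow in (("tcp", "192.168.100.57", "192.168.10.20", 443),
                     ("tcp", "192.168.100.57", "192.168.10.20", 22),
                     ("tcp", "10.9.8.7", "192.168.10.20", 443)):
            action, line = evaluate(ACLS[name], *flow)
            print(name, flow, "->", action, "|", line or "(implicit deny)")
```

Running it shows that ACL 102 as posted already permits the leased host on the allowed ports because its source is `any`, while the hypothetical ACL 103 still permits it (the lease falls inside 192.168.100.0/24) but drops a source outside that subnet. Port 22 is denied by both, by the explicit `deny ip any any log alerts` line rather than the implicit deny, which matters because only the explicit line produces the alert-level log message.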
2 total posts (Page 1 of 1)  