aime
-
3 juin 2010 à 08:42
Urel_RT
Messages postés191Date d'inscriptionvendredi 23 avril 2010StatutMembreDernière intervention 8 juin 2010
-
3 juin 2010 à 08:59
Bonjour,
Veuillez m'aider avec ma configuration ci-dessous, je n'arrive pas a communiquer entre les deux réseaux. Ce que je veux et que le réseau ip address 192.168.10.0 ou réside mon serveur 192.168.10.3 (inside) soit accessible par le réseau publique 192.168.4.0
: Saved
:
ASA Version 8.2(1)
!
hostname OnatelASA5505
enable password PFyTCiJ3.3nglO3d encrypted
passwd GigrJE94GYCxD64Z encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Vlan2
nameif LanOnatelOutside
security-level 0
ip address 192.168.4.2 255.255.255.0
!
interface Vlan4
no nameif
no security-level
no ip address
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
switchport access vlan 4
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
banner login BIENVENUE SUR LE ROUTEUR CISCO ASA5501 DE L'ONATEL
ftp mode passive
clock timezone GMT 0
access-list user-access-server extended permit icmp any any echo-reply
access-list user-access-server extended permit icmp any any time-exceeded
access-list user-access-server extended permit icmp any any echo
access-list user-access-server extended permit tcp host 192.168.4.209 host 192.168.4.2
access-list user-access-server extended permit tcp host 192.168.4.209 host 192.168.4.2 eq 3389
access-list user-access-server extended permit tcp any host 192.168.4.2
access-list server-access-out extended deny udp any any eq tftp
access-list server-access-out extended deny udp any any eq 135
access-list server-access-out extended deny tcp any any eq 135
access-list server-access-out extended deny udp any any eq netbios-ns
access-list server-access-out extended deny udp any any eq netbios-dgm
access-list server-access-out extended deny tcp any any eq netbios-ssn
access-list server-access-out extended deny udp any any eq 139
access-list server-access-out extended deny tcp any any eq 445
access-list server-access-out extended deny tcp any any eq 593
access-list server-access-out extended deny tcp any any eq 4444
access-list server-access-out extended permit ip any any
pager lines 24
logging enable
logging asdm debugging
mtu inside 1500
mtu LanOnatelOutside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (LanOnatelOutside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,LanOnatelOutside) interface 192.168.10.3 netmask 255.255.255.255
access-group server-access-out in interface inside
access-group user-access-server in interface LanOnatelOutside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config LanOnatelOutside
!
Par contre verifie bien tes ACL, car comme LanOnatelOutside est en secu lvl 0, par défaut, il ne pourra pas communiquer vers Inside (mais inversement oui, car 100>0 )
