I have an access rule on the firewall that allows IP traffic from any source on the inside network to any less secure network (there is one for both IPv4 and 6). Restrict flow to Outside (had to do this for licensing reasons). Right now our internal network is on 192.168.1.0/24, and the public IP we have from the ISP is in the 125.x.x.x range. I am trying to set up a Cisco ASA 5505 to be connected with a public IP address on one interface, and to have the second interface connect to our internal network. There is something about routing especially that I just haven't had that "Oh I get it" moment yet, so it's likely this is a very basic misconfiguration.

The following configuration has to be applied to the firewall to establish a working TCP session between the laptop and the HTTP server.

I'll start by pointing out that networking issues have always left me scratching my head.

The TCP SYN is allowed to flow from the laptop to the server, but the TCP ACK is blocked by the firewall. Access-lists must be configured to allow the traffic flow from lower security levels to higher security levels. Despite this default behavior, the simulated ASA 5505 available in Packet Tracer 6.1 does not allow the laptop to establish a working TCP connection with the HTTP server located in the outside network. The default ASA 5505 firewall behavior is to allow traffic to flow from interfaces with higher security levels ("inside" interfaces) to interfaces with lower security levels ("outside" interfaces), but to deny traffic in the other direction.