Cisco 5520 Conf t Help........

Discussion in 'OT Technology' started by i69UrMOM, May 1, 2008.

  1. i69UrMOM

    i69UrMOM New Member

    Joined:
    Feb 6, 2007
    Messages:
    5,946
    Likes Received:
    0
    Location:
    Canton, GA
    Alright, I posted a thread yesterday about needing help with a DMZ I was creating. By the time everyone started to post in it I was already at home. So I'm just making a new one and starting from fresh.

    Alright, here is the issue. The server connected on 172.16.10.202 can go out and is using the 115.204 IP. My inside is working correctly and any computer with a 172.16.0.0 will go out on 115.206. My issue is those static rules I wrote to allow people to come in are not working. I'm new to this firewall stuff (IBNoob :wtc:) so I'm sure I'm missing something, just not sure what it is.


    Here is the show run (I think I took out all the sensitive stuff. I work for the government, so if I missed something please please don't spread this around).

     
  2. i69UrMOM

    i69UrMOM New Member

    Joined:
    Feb 6, 2007
    Messages:
    5,946
    Likes Received:
    0
    Location:
    Canton, GA
    I just added this......

    access-group outside in interface Outside

    and it's still not working. WTF!
     
  3. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Do you have a static IP address on the outside?
     
  4. i69UrMOM

    i69UrMOM New Member

    Joined:
    Feb 6, 2007
    Messages:
    5,946
    Likes Received:
    0
    Location:
    Canton, GA
    I got it working, well, sort of. Apparently me writing everything thru CLI wasn't getting picked up. I went into the stupid ass GUI and none of the ACLs were there, so I added them thru the GUI and it took them now.

    My next issue is they are doing SFTP traffic on one of the ports and the firewall is not allowing those high communication calls to be made. I've got it inspecting for FTP, but I can't find where to tell the firewall that the FTP traffic is coming in on a non-standard port, not the 20,21 ports.

    I just put a TAC call in, so I'll see what they say. I really don't want to write 1000 fucking static lines out just to allow those ports.
     
  5. midcalbrew

    midcalbrew OT Supporter

    Joined:
    Jun 14, 2006
    Messages:
    2,376
    Likes Received:
    0
    Location:
    MidCal
    Well, in the config above, you didn't have any ACLs. You just had static routes down to the port level - you still needed the ACLs to allow the access. I'm lazy, so I just do statics from outside to inside IP, no port specifications. Then in the ACL I enable what ports on the outside IP are accessible.

    And you say you're doing 'SFTP' traffic ... that's not TCP/20,21 ... it's ssh, TCP/22. Unless you made a typo.
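A minimal working version of what midcalbrew describes (whole-host static plus an ACL that picks the ports), with the non-standard-port FTP inspection the OP asked about, as an added example that is not any poster's actual config. It assumes pre-8.3 ASA "static" syntax (the thread is from 2008), a DMZ interface named DMZ, the Outside interface and the "outside" ACL name from post #2, the default global_policy, and 203.0.113.204 as a stand-in for the redacted public address ending in .115.204.

```cisco
! Added example, not from the thread. Assumes pre-8.3 ASA NAT syntax, an
! interface named "DMZ", the "Outside" interface from the thread, and
! 203.0.113.204 as a placeholder for the redacted public address (.115.204).

! 1. Static NAT for the whole host, no port specification.
static (DMZ,Outside) 203.0.113.204 172.16.10.202 netmask 255.255.255.255

! 2. The ACL decides which ports on the public address are reachable.
!    Pre-8.3 ACLs match the translated (public) address, not 172.16.10.202.
!    SFTP is SSH, so TCP/22 is all it needs; FTP inspection plays no part.
access-list outside extended permit tcp any host 203.0.113.204 eq 22
! Everything else toward the server is dropped by the implicit deny.

! 3. Bind the ACL inbound on the outside interface (the line from post #2).
access-group outside in interface Outside

! 4. Only if the service really is plain FTP on a non-standard port (2121 is
!    a constructed value): permit it and extend FTP inspection to that port,
!    so the ASA opens the data connections itself instead of one static
!    per high port.
access-list outside extended permit tcp any host 203.0.113.204 eq 2121
class-map ftp-nonstd
 match port tcp eq 2121
policy-map global_policy
 class ftp-nonstd
  inspect ftp

! 5. Verify, then save; CLI changes not written to flash vanish on reload.
! show access-list outside   <- per-line hit counts show whether traffic matches
! show xlate                 <- confirms the static translation is built
write memory
```

If `show access-list outside` shows zero hits on the permit line while clients are connecting, the ACL is not the one bound to the interface or the static is translating to a different address; check `show running-config access-group` and `show xlate` before adding more rules.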
     
