![]() Snmp-server enable traps snmp authentication linkup linkdown coldstart warmstartĬrypto ipsec security-association pmtu-aging infiniteĭhcpd dns 192.168.1.10 192.168.1.11 interface insideĭhcpd domain mydomain.dk interface insideĭhcpd address 172.16.1.180-172.16.1.199 dmz Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absoluteĭynamic-access-policy-reco rd DfltAccessPolicy Nat (inside,outside) after-auto source dynamic any interfaceĪccess-group outside_access_in in interface outsideĪccess-group inside_access_in in interface insideĪccess-group dmz_access_in in interface dmz Icmp unreachable rate-limit 1 burst-size 1 Ip audit name ATTACKTEST attack action alarm reset Ip audit name INFOTEST info action alarm reset Network-object 223.255.255.0 255.255.255.0Īccess-list HTTP_TO_DMZ extended deny ip object-group rfc3330-subnets anyĪccess-list HTTP_TO_DMZ extended permit tcp any object-group WEB_SERVERS object-group WEB_SERVICESĪccess-list HTTP_TO_DMZ extended permit tcp any object-group MAIL_SERVERS object-group MAIL_SERVICESĪccess-list HTTP_TO_DMZ extended permit icmp any anyĪccess-list HTTP_TO_DMZ extended permit ip any anyĪccess-list MAIL_TO_DMZ extended deny ip object-group rfc3330-subnets anyĪccess-list MAIL_TO_DMZ extended permit tcp any object-group MAIL_SERVERS object-group MAIL_SERVICESĪccess-list MAIL_TO_DMZ extended permit ip any anyĪccess-list dmz_access_in extended permit icmp any anyĪccess-list dmz_access_in extended permit ip any anyĪccess-list inside_access_in extended permit icmp any anyĪccess-list inside_access_in extended permit ip any anyĪccess-list outside_access_in extended permit icmp any anyĪccess-list outside_access_in extended permit ip any any Same-security-traffic permit intra-interfaceĭescription Group of all rfc3330 subnets incl private and special use Same-security-traffic permit inter-interface It is therefore very important that I can use ping anywhere on my LAN and DMZ as well as the Internet. On my LAN, I have some monitoring software running using ping to see if various machines are running (both physical and virtual machines). I am desperately trying to put my Cisco ASA 5505 up to accept ping requests from the Internet and my DMZ. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |