Consulta Sobre ASA
Vidaluz Arista
vlal en ideay.net.ni
Jue Jun 10 20:08:23 CLT 2010
Hola a todos,
Disculpen el off topic, pero tengo un problema desde hace 3 dias, resulta que tengo un ASA version 7.0(8), todo ha funcionado bien, no se hizo ningun cambio y de pronto el puerto 25 dejo de responder, ahi hya un lotus dominio, viene la peticio y el ASA redirige la peticion del puerto 25 a un servidor privado, lo demas puertos a ese servidor se ven bien tales como el 110, 143 y el 80, el problema es con el 25, crei que era el servidor y configure un postfix en un linux, lo puse en la red privada dirigi los puertos ahi y los mismo, de afuera no se puede ver, intermanete si se puede ver le puerto 25.
Ya hice los capture para los logs, pase el pcap al wireshark pero la verdad no veo nada, toy ciega en este asunto, lo unico que veo el wire shark en la trasmision control protocol es un Checksum [validation disabled]
Les dejo parte d ela ocnfiguracion del access list y el NAT
access-list I-Hospital_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list I-Hospital_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 102.168.1.0 255.255.255.0
access-list I-Hospital_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list I-Hospital_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list prico extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list Internet_access_in extended permit tcp host 200.9.190.130 eq ssh host 200.93.189.245
access-list Internet_access_in extended permit icmp any host 200.93.189.244
access-list Internet_access_in extended permit icmp any host 200.93.189.245
access-list Internet_access_in extended permit icmp any host 200.93.189.246
access-list Internet_access_in extended permit udp any eq domain host 200.93.189.246
access-list Internet_access_in extended permit udp any eq dnsix host 200.93.189.246
access-list Internet_access_in extended permit tcp any host 200.93.189.246
access-list Internet_access_in extended permit tcp any host 200.93.189.244 eq smtp
access-list Internet_access_in extended permit tcp any eq lotusnotes host 200.93.189.244
access-list Internet_access_in extended permit tcp any eq www host 200.93.189.244
access-list Internet_access_in extended permit tcp any eq 3389 host 200.93.189.244
access-list Internet_access_in extended permit tcp any host 200.93.189.244 eq pop3
access-list Internet_access_in extended permit tcp any eq pop3 host 200.93.189.244
access-list Internet_access_in extended permit tcp any eq www host 200.93.189.245
access-list Internet_access_in extended permit tcp any eq https host 200.93.189.245
access-list Internet_access_in extended permit udp any eq www host 200.93.189.245
access-list Internet_access_in extended permit udp any eq domain host 200.93.189.245
access-list Internet_access_in extended permit tcp host 165.98.228.218 any
access-list Internet_access_in extended permit ip any host 200.93.189.245
access-list Internet_access_in extended permit udp any eq isakmp any
access-list Internet_access_in extended permit esp any any
access-list Internet_access_in extended permit udp any eq 4500 any
access-list Internet_access_in extended permit icmp any any
access-list Internet_access_in extended permit tcp any host 200.93.189.246 eq smtp
access-list metrosur extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list I-Hospital_access_in extended permit ip any any
access-list I-Hospital_access_in extended permit icmp any any
access-list Internet_access_out extended permit ip host 200.93.189.246 any
access-list Internet_access_out extended permit ip host 200.93.189.244 any
access-list Internet_access_out extended permit ip host 200.93.189.245 any
access-list Internet_access_out extended permit ip 200.93.189.0 255.255.255.0 any
access-list Internet_access_out extended permit icmp any any
access-list Internet_cryptomap_20_1 extended permit ip 192.168.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list Internet_cryptomap_40 extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list Internet_cryptomap_60 extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
static (I-Hospital,Internet) 200.93.189.246 192.168.0.6 netmask 255.255.255.255
static (I-Hospital,Internet) 200.93.189.244 192.168.0.16 netmask 255.255.255.255
static (I-Hospital,Internet) 200.93.189.245 192.168.0.17 netmask 255.255.255.255
access-group Internet_access_in in interface Internet
Agradeceria sus sugerencias.
Más información sobre la lista de distribución Linux