6/9/2023 0 Comments

ASA 5505

I am integrating a Cisco ASA 5505 firewall in the following manner:

Inside IP range (VLAN-AWTP): (industrial devices)
DMZ IP range (VLAN-OPC): 192.168.77.xxx (only has OPC Server PC which accesses an industrial network device)
Outside IP range (VLAN-MWTP): 192.168.50.xxx (OPC client)

The purpose of the firewall is to give VLAN-MWTP access to a PC on VLAN-OPC (FULL access is ok), and give limited access (single TCP port) from the OPC server to the industrial device. This involves NATing and such which I think I have implemented ok.

Here's my current state of affairs and my issue:

VLAN-OPC can access the VLAN-AWTP ok (can access TCP port on industrial device). A PC on VLAN-MWTP can ping and RDP to the VLAN-OPC server PC using NATed 192.168.50.32 (translates to 192.168.77.4), but it seems it cannot browse or connect to the OPC server. I get the error "The RPC server is unavailable".

I have isolated this to be a firewall issue, not Windows DCOM as is a common issue with OPC connections (had that struggle already!). I tested by setting IP of OPC PC to same subnet as MWTP-VLAN and bypassed firewall.

I have tried a few different things such as enabling DCERPC inspection as instructed by a few forums but still no joy, but by this point I feel out of my depth so I could very well be doing something wrong. You can probably see where my inspection policies start to get sloppy.

Basically, I would be satisfied with total access (including RPC, DCOM, whatever) from VLAN-MWTP to VLAN-OPC. I wouldn't have thought it should be so hard?

Configuration is as follows:

ASA Version 8.2(5)
enable password HxFQQ4ozRZkZGyAK encrypted
same-security-traffic permit inter-interface
icmp unreachable rate-limit 1 burst-size 1
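An added example, not part of the original post or the poster's configuration: a small Python check that reports whether an inspection engine such as DCERPC, which the post mentions enabling, is both defined in a policy-map and attached with a service-policy line. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in ASA "show running-config" layout; not the poster's config.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect dcerpc
policy-map unused_policy
 class inspection_default
  inspect dcerpc
service-policy global_policy global
"""

def parse_policy_maps(config):
    """Return {policy_map: {class_name: [inspection engines]}}."""
    maps, current_map, current_class = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command closes any open block
            current_map = current_class = None
            # Skip "policy-map type inspect ..." parameter maps.
            m = re.match(r"policy-map (?!type )(\S+)$", line)
            if m:
                current_map = maps.setdefault(m.group(1), {})
        elif current_map is not None:
            if line.startswith("class "):
                current_class = current_map.setdefault(line.split()[1], [])
            elif line.startswith("inspect ") and current_class is not None:
                current_class.append(line.split()[1])
    return maps

def applied_policies(config):
    """Return {policy_map: 'global' or the interface name it is attached to}."""
    applied = {}
    for line in config.splitlines():
        m = re.match(r"service-policy (\S+) (global|interface (\S+))$", line.strip())
        if m:
            applied[m.group(1)] = m.group(3) or "global"
    return applied

def where_inspected(config, engine="dcerpc"):
    """List (policy_map, class, scope) where the engine is defined and attached."""
    applied = applied_policies(config)
    return [(pm, cls, applied[pm])
            for pm, classes in parse_policy_maps(config).items()
            for cls, engines in classes.items()
            if engine in engines and pm in applied]
```

An empty result for `dcerpc` means the engine is either missing or sits in a policy-map that no `service-policy` line attaches, as with `unused_policy` in the sample.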