New ASA installation

jglover72
Level 1

I have a new ASA 5510 that is behind our router/firewall. I am having some problems with configuration and not sure where I am hung up. I can't ping the internal LAN, 192.168.1. addresses. I have attached my configuration.

acomiskey
Level 10

Seeing as you're not natting, the clients on 192.168.1.0 that you are trying to ping would have to have a route to the 192.168.10.0 network via the outside interface of the ASA, 192.168.1.22.

Also, this route statement is not correct as 192.168.1.0 is on the outside of the ASA.

route inside 192.168.0.0 255.255.0.0 192.168.10.1 1

patil_pritam
Level 1

Copy and paste these two lines:

!

access-list acl_in permit ip any any

access-group acl_in in interface inside

!

Sorry for my ignorance as I am new to the ASAs. I have attached my "new" config. I tried adding the two lines and had no luck. I also changed the route inside to outside and had no luck.

I would disregard the previous post, as you do not need that inside acl.

This is not right either...

route outside 192.168.0.0 255.255.0.0 192.168.10.1 1

You can put back what you had, but it would be a good idea to be more specific, as not all 192.168.0.0/16 networks are on the inside; 192.168.1.0 is on the outside. For example, if the networks accessed by 192.168.10.1 were 192.168.2.0 and 192.168.3.0 then...

route inside 192.168.2.0 255.255.255.0 192.168.10.1

route inside 192.168.3.0 255.255.255.0 192.168.10.1

You need a way for the clients on 192.168.1.0 to route to 192.168.1.22 when accessing 192.168.10.0. For example, if you had an outside router you could do...

ip route 192.168.10.0 255.255.255.0 192.168.1.22

What you can do is just check the gateway of those 192.168.1.0 clients. It should be 192.168.1.22. If those clients have a different gateway address (another router), then that router should have a route back to the ASA for your 192.168.10.0 network.

For example, on the router the command should be

ip route 192.168.10.0 255.255.255.0 192.168.1.22

Remove your current nat statement

and add the following statement:

static (inside,outside) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 0 0

Thanks, got it working. I need to know the ports that I need to pass to the ASA with my existing router/firewall as the ASA will be behind the existing.

Can you help me with that?

Which command solved your pinging problem?

From inside ping to outside?
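
The two route problems raised in this thread (a 192.168.0.0/16 route on the inside that also covers the 192.168.1.0 network on the outside, and a route on the outside interface whose gateway sits on the inside network) can be checked mechanically before a config is applied. The Python sketch below is an added example, not part of the original thread; the /24 masks on the connected networks and the function names are assumptions.

```python
import ipaddress

# Connected networks per ASA interface. The addresses come from the thread;
# the /24 masks are an assumption made for this example.
CONNECTED = {
    "outside": ipaddress.ip_network("192.168.1.0/24"),
    "inside": ipaddress.ip_network("192.168.10.0/24"),
}

def parse_route(line):
    """Parse 'route <if> <dest> <mask> <gateway> [metric]'."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "route":
        raise ValueError(f"not a route statement: {line!r}")
    # ip_network rejects a destination with host bits set (strict mode).
    dest = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
    return parts[1], dest, ipaddress.ip_address(parts[4])

def check_route(line, connected=CONNECTED):
    """Return a list of problems found in one static route statement."""
    ifname, dest, gateway = parse_route(line)
    if ifname not in connected:
        return [f"unknown interface {ifname}"]
    problems = []
    # The next hop must be reachable on the interface the route names.
    if gateway not in connected[ifname]:
        problems.append(
            f"gateway {gateway} is not on {ifname} ({connected[ifname]})")
    # A route that swallows a network connected to a different interface
    # claims more address space than actually sits behind this interface.
    for other, net in connected.items():
        if other != ifname and net.subnet_of(dest):
            problems.append(
                f"{dest} covers {net}, which is connected to {other}")
    return problems

if __name__ == "__main__":
    # Route statements quoted in the thread.
    for stmt in (
        "route inside 192.168.0.0 255.255.0.0 192.168.10.1 1",
        "route outside 192.168.0.0 255.255.0.0 192.168.10.1 1",
        "route inside 192.168.2.0 255.255.255.0 192.168.10.1",
    ):
        print(stmt, "->", check_route(stmt) or "ok")
```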
