07-14-2008 09:41 AM - edited 03-11-2019 06:13 AM
We installed an ASA 5510 today and are having some problems. I can ping to the inside interface from my PC but cannot get beyond that. From the ASA I can ping the outside world no problem. Here is our config. Of course I removed our outside addresses, but they are correct as I can ping to and from them. Thank you for your help.
Jason
thompsonasa# sh run
: Saved
:
ASA Version 7.0(7)
!
hostname xxxxxxxxasa
domain-name xxxxxxxxx.local
enable password xxx
names
dns-guard
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address x.x.x.x x.x.x.x
!
interface Ethernet0/1
 nameif Inside
 security-level 100
 ip address 10.10.253.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd xxx
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
mtu Inside 1500
mtu Outside 1500
no failover
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 x.x.x.x-x.x.x.x netmask x.x.x.x
nat (Inside) 10 10.10.1.0 255.255.255.0
route Inside 10.10.1.0 255.255.255.0 10.10.1.1 1
route Outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.10.0.0 255.255.0.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:xxx
: end
07-14-2008 10:42 AM
Got it. It won't work with a range of dynamic addresses. Any ideas?
Jason
07-14-2008 12:53 PM
Jason,
You are only NATing the 10.10.10.0/24 network, so anything behind the inside interface other than 10.10.10.0 will not be NATed.
Your statement:
nat (Inside) 10 10.10.1.0 255.255.255.0
Do this instead for anything behind the inside interface:
nat (inside) 10 0 0
HTH
-Jorge
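Added example, not part of the thread: a Python check of which inside source addresses the `nat` statements discussed above select for translation, run against the posted lines and against the suggested `nat (inside) 10 0 0`. The documentation-range pool (192.0.2.x), the function names and the case-insensitive interface-name match are assumptions.

```python
import ipaddress

# Constructed sample: NAT-related lines from the posted config. The redacted
# outside pool is replaced with a documentation range (192.0.2.0/24).
POSTED = """\
interface Ethernet0/1
 nameif Inside
 ip address 10.10.253.1 255.255.255.0
global (Outside) 10 192.0.2.10-192.0.2.20 netmask 255.255.255.0
nat (Inside) 10 10.10.1.0 255.255.255.0
"""
# Same lines with the statement suggested in the reply above.
SUGGESTED = POSTED.replace("nat (Inside) 10 10.10.1.0 255.255.255.0",
                           "nat (inside) 10 0 0")

def nat_rules(config):
    """Yield (interface, nat_id, source_network) for 'nat (if) id net mask' lines."""
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 5 and tok[0] == "nat" and tok[2].isdigit() and tok[3] != "access-list":
            net = "0.0.0.0" if tok[3] == "0" else tok[3]  # '0 0' means any source
            # Assumption: interface names are compared case-insensitively.
            yield tok[1].strip("()").lower(), int(tok[2]), ipaddress.ip_network(f"{net}/{tok[4]}")

def global_ids(config):
    """NAT ids that have a 'global (if) id ...' pool or PAT address to translate to."""
    return {int(t[2]) for t in map(str.split, config.splitlines())
            if len(t) >= 4 and t[0] == "global" and t[2].isdigit()}

def nat_id_for(config, ifname, host):
    """Return the nat id that translates host arriving on ifname, or None."""
    addr, pools = ipaddress.ip_address(host), global_ids(config)
    for rule_if, nat_id, net in nat_rules(config):
        if rule_if == ifname.lower() and addr in net and nat_id in pools:
            return nat_id
    return None

def untranslated_subnets(config):
    """Map nameif -> connected subnet that no nat/global pair on that interface covers."""
    found, name, pools = {}, None, global_ids(config)
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["nameif"] and len(tok) > 1:
            name = tok[1].lower()
        elif tok[:2] == ["ip", "address"] and name and len(tok) >= 4:
            subnet = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
            if not any(i == name and n in pools and subnet.subnet_of(net)
                       for i, n, net in nat_rules(config)):
                found[name] = str(subnet)
            name = None
    return found
```

With the posted lines, a host on the directly connected 10.10.253.0/24 subnet matches no `nat` statement, while a 10.10.1.x host reached through the inside route does.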
07-14-2008 01:43 PM
Jorge,
We are NATing for the 10.10.1.0 network. When I put an address pool for the global addresses it fails. If I use PAT and use one address it works fine. Got internet access and inbound SMTP working. Now I cannot get OWA to work. This thing is going to kill me.
Jason
07-14-2008 01:58 PM
Jason, btw, that's old code. I would at least bring it to 7.2; I have read lots of weird things on 7.0.7 even though it is on GD stage.
07-15-2008 12:51 AM
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address x.x.x.x x.x.x.x
global (Outside) 10 x.x.x.x-x.x.x.x netmask x.x.x.x
nat (Inside) 10 10.10.1.0 255.255.255.0
route Inside 10.10.1.0 255.255.255.0 10.10.1.1 1
route Outside 0.0.0.0 0.0.0.0 x.x.x.x 1
What is x.x.x.x?
Could you make a wiser replacement?