10-04-2008 04:13 AM - edited 03-11-2019 06:53 AM
Hi All,
I have a proxy server with two interfaces. One interface is connected to the LAN (192.168.*.*) and the other, 192.168.3.100, is connected to my firewall.
I have configured, in the ASA, inside IP 192.168.3.99 and outside IP 192.168.4.2. All LAN users use the proxy for the internet. From the ASA, I can ping all interfaces, but I can't ping 192.168.3.99 from the proxy server, and the internet is also not working. What would be the problem?
10-04-2008 10:06 AM
internet-<-----ASAx.x.3.100--<-----x.x.3.99ProxyServer----
a) From the LAN, can you ping 192.168.3.100?
b) In the access-list applied on the outside interface, add the line, access-list
c) Now, ping 4.2.2.2 from the LAN and turn on "debug icmp trace". Do you see the ICMP packet reaching the firewall?
If possible, post your configuration here ...
10-06-2008 10:56 PM
All LAN traffic is coming through the proxy server. IPs: LAN 192.168.*.*. The LAN and the proxy server are in the same network.
The proxy's second IP is 192.168.3.100, which is connected to the inside interface 192.168.3.99. The outside IP is 192.168.4.2, which is connected to the BSNL modem 192.168.4.1.
BMR1C# sh run
: Saved
:
ASA Version 7.0(6)
!
!
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.3.99 255.255.255.0
!
interface Ethernet0/0.1
shutdown
no vlan
no nameif
no security-level
no ip address
!
interface Ethernet0/0.2
shutdown
no vlan
no nameif
no security-level
no ip address
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
nameif Outside
security-level 0
ip address 192.168.4.2 255.255.255.0
!
interface Management0/0
nameif management
security-level 0
ip address *.*.*.* 255.255.255.128
management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu inside 1500
mtu Outside 1500
mtu management 1500
no asdm history enable
arp timeout 14400
route inside 192.168.0.0 255.255.255.0 192.168.3.100 1
route Outside 0.0.0.0 0.0.0.0 192.168.4.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:2143d98d4cd9274aabcf7c7d19e73c7d
: end
BMRC#
10-06-2008 11:28 PM
Take care of the following points:
a) You have an ASA 5505, correct? By default, port e0/0 is the outside interface and the rest, 0/1-0/7, are part of VLAN 1, which is the inside interface. But you have made e0/0 the inside; please make sure you have it assigned to VLAN 1 (inside), and e0/2 must be assigned to VLAN 2.
b) Remove the logical VLANs
no interface Ethernet0/0.1
no interface Ethernet0/0.2
c) You never answered whether you are able to ping the inside interface from any inside LAN machine.
d) On the outside you have a private IP. Who does the NATting, the outside modem or the ASA?
I would like you to add the following commands:
policy-map global_policy
class inspection_default
inspect icmp
logg mon 7
term mon
logg on
Now, once you have these commands in place, ping 4.2.2.2, collect the logs, and paste them here.
10-07-2008 01:59 AM
c. No
d. NAT ASA I
BMRC# debug icmp trace
debug icmp trace enabled at level 1
BMRC# ping 4.2.2.2
ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
!ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
!ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
!ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
!ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
10-07-2008 02:05 AM
add
nat (inside) 1 0 0
global (outside) 1 interface
10-07-2008 02:13 AM
I am not able to ping 192.168.3.99
route Outside 0.0.0.0 0.0.0.0 192.168.4.1 1
route inside 192.168.0.0 255.255.255.0 192.168.3.99 1
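Added example, not part of the original thread or any poster's code: a Python check that reads the interface and route statements of an ASA configuration and flags static routes whose next hop is the firewall's own interface address (as in the `route inside` line posted just above, set against the 192.168.3.99 inside address in the earlier `sh run`) or lies outside that interface's subnet. `SAMPLE_CONFIG` is constructed from lines posted in the thread; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: interface and route lines as posted in the thread.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif inside
 ip address 192.168.3.99 255.255.255.0
interface Ethernet0/2
 nameif Outside
 ip address 192.168.4.2 255.255.255.0
route Outside 0.0.0.0 0.0.0.0 192.168.4.1 1
route inside 192.168.0.0 255.255.255.0 192.168.3.99 1
"""

def parse_interfaces(config):
    """Map each nameif (lower-cased) to its IPv4Interface."""
    interfaces, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "interface":
            name = None
        elif words[0] == "nameif" and len(words) == 2:
            name = words[1].lower()
        elif words[:2] == ["ip", "address"] and name and len(words) >= 4:
            try:
                interfaces[name] = ipaddress.IPv4Interface(f"{words[2]}/{words[3]}")
            except ValueError:
                pass  # masked or malformed address such as *.*.*.*
    return interfaces

def check_routes(config):
    """Return (route line, finding) pairs for suspicious static routes."""
    interfaces, findings = parse_interfaces(config), []
    for line in config.splitlines():
        m = re.match(r"\s*route\s+(\S+)\s+\S+\s+\S+\s+(\d+\.\d+\.\d+\.\d+)", line)
        if not m:
            continue
        iface = interfaces.get(m.group(1).lower())
        gateway = ipaddress.IPv4Address(m.group(2))
        if iface is None:
            findings.append((line.strip(), "no address known for this interface"))
        elif gateway == iface.ip:
            findings.append((line.strip(), "next hop is the firewall's own interface address"))
        elif gateway not in iface.network:
            findings.append((line.strip(), "next hop is outside the interface subnet"))
    return findings

if __name__ == "__main__":
    for route, finding in check_routes(SAMPLE_CONFIG):
        print(f"{route}: {finding}")
```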
10-07-2008 02:25 AM
access-list outacc extended permit icmp any any
access-group outacc in interface Outside
10-07-2008 02:30 AM
From the firewall, are you able to ping proxy 3.99?
From the proxy, ping 4.2.2.2 and turn on
logg on
logg mon 7
term mon
debug icmp trace
Send me the above outputs.