10-04-2008 04:13 AM - edited 03-11-2019 06:53 AM
Hi All,
I have a proxy server with two interfaces. One interface is connected to the LAN (192.168.*.*) and the other, 192.168.3.100, is connected to my firewall.
On the ASA I have configured inside IP 192.168.3.99 and outside IP 192.168.4.2. All LAN users use the proxy for the internet. From the ASA, I can ping all interfaces, but I can't ping 192.168.3.99 from the proxy server, and the internet is also not working. What would be the problem?
10-04-2008 10:06 AM
internet-<-----ASAx.x.3.100--<-----x.x.3.99ProxyServer----
a) From the LAN, can you ping 192.168.3.100?
b) In the access list applied on the outside interface, add the line, access-list
c) Now, ping 4.2.2.2 from the LAN and turn on "debug icmp trace". Do you see ICMP packets reaching the firewall?
If possible, post your configuration here ...
10-06-2008 10:56 PM
All LAN traffic comes through the proxy server. IPs: LAN 192.168.*.*. The LAN and the proxy server are in the same network.
The proxy's second IP is 192.168.3.100, which is connected to the inside interface 192.168.3.99. The outside IP is 192.168.4.2, which is connected to the BSNL modem 192.168.4.1.
BMR1C# sh run
: Saved
:
ASA Version 7.0(6)
!
!
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.3.99 255.255.255.0
!
interface Ethernet0/0.1
shutdown
no vlan
no nameif
no security-level
no ip address
!
interface Ethernet0/0.2
shutdown
no vlan
no nameif
no security-level
no ip address
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
nameif Outside
security-level 0
ip address 192.168.4.2 255.255.255.0
!
interface Management0/0
nameif management
security-level 0
ip address *.*.*.* 255.255.255.128
management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu inside 1500
mtu Outside 1500
mtu management 1500
no asdm history enable
arp timeout 14400
route inside 192.168.0.0 255.255.255.0 192.168.3.100 1
route Outside 0.0.0.0 0.0.0.0 192.168.4.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:2143d98d4cd9274aabcf7c7d19e73c7d
: end
BMRC#
10-06-2008 11:28 PM
Take care of the following points:
a) You have an ASA 5505, correct? By default, port e0/0 is the outside interface and the rest, 0/1-0/7, are part of VLAN 1, which is the inside interface, but you have made e0/0 the inside. Please make sure you have it assigned to VLAN 1 (inside); e0/2 must be assigned to VLAN 2.
b) Remove the logical VLANs
no interface Ethernet0/0.1
no interface Ethernet0/0.2
c) You never answered whether you are able to ping the inside interface from any inside LAN machine.
d) On the outside you have a private IP. Who does the NATing, the outside modem or the ASA?
I would like you to add the following commands
policy-map global_policy
class inspection_default
inspect icmp
logg mon 7
term mon
logg on
Now once you have these commands in place, ping 4.2.2.2, collect the logs, and paste them here.
10-07-2008 01:59 AM
c) No
d) NAT ASA I
BMRC# debug icmp trace
debug icmp trace enabled at level 1
BMRC# ping 4.2.2.2
ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
!ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
!ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
!ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
!ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
10-07-2008 02:05 AM
add
nat (inside) 1 0 0
global (outside) 1 interface
10-07-2008 02:13 AM
I am not able to ping 192.168.3.99
route Outside 0.0.0.0 0.0.0.0 192.168.4.1 1
route inside 192.168.0.0 255.255.255.0 192.168.3.99 1
10-07-2008 02:25 AM
access-list outacc extended permit icmp any any
access-group outacc in interface Outside
10-07-2008 02:30 AM
From the firewall, are you able to ping proxy 3.99?
From the proxy, ping 4.2.2.2 and turn on
logg on
logg mon 7
term mon
debug icmp trace
Send me the above outputs.
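
An added example, not part of any post in this thread: a Python check that scans an ASA 7.x running-config for the items the replies ask about (a `nat`/`global` pair, `inspect icmp`, the next hop of each `route` line, and a private address on the interface that holds the default route). The sample config is constructed from lines posted above, and the finding names are invented for this example.

```python
import ipaddress
import re

# Constructed sample: condensed from the running-config and the route
# lines posted in the thread; it is not a complete ASA configuration.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.3.99 255.255.255.0
interface Ethernet0/2
 nameif Outside
 security-level 0
 ip address 192.168.4.2 255.255.255.0
route inside 192.168.0.0 255.255.255.0 192.168.3.99 1
route Outside 0.0.0.0 0.0.0.0 192.168.4.1 1
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
"""

def audit(config):
    """Return sorted finding names (hypothetical labels) for the config text."""
    lines = [l.strip() for l in config.splitlines()]
    ifaces, name, findings = {}, None, set()
    for l in lines:                      # pass 1: map nameif -> address/mask
        if l.startswith("interface "):
            name = None
        elif m := re.match(r"nameif (\S+)", l):
            name = m[1].lower()
        elif (m := re.match(r"ip address (\d\S*) (\d\S*)", l)) and name:
            ifaces[name] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
    for l in lines:                      # pass 2: sanity-check static routes
        m = re.match(r"route (\S+) (\S+) (\S+) (\S+)", l)
        if not m or m[1].lower() not in ifaces:
            continue
        ifname, iface = m[1].lower(), ifaces[m[1].lower()]
        gw = ipaddress.ip_address(m[4])
        if gw == iface.ip:               # next hop must be a neighbour, not the ASA
            findings.add(f"route-next-hop-is-own-address:{ifname}")
        elif gw not in iface.network:
            findings.add(f"route-next-hop-off-subnet:{ifname}")
        if m[2] == "0.0.0.0" and iface.ip.is_private:
            findings.add(f"default-route-interface-private:{ifname}")
    if not any(l.startswith("nat (") for l in lines):
        findings.add("no-nat-rule")
    if not any(l.startswith("global (") for l in lines):
        findings.add("no-global-rule")
    if "inspect icmp" not in lines:      # without it, echo replies are not tracked
        findings.add("no-inspect-icmp")
    return sorted(findings)
```

The `default-route-interface-private` finding is informational: it means some upstream device, here the modem, has to translate again before traffic reaches the internet.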