cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
637
Views
0
Helpful
8
Replies

Setup problem with ASA5505

huwyhuwy123
Level 1
Level 1

Hi,

I've been asked to setup an ASA5505 for the first time. I've not had any experience with the ASA's and can't seem to get it working.

Presently I can ping google (66.249.93.99) from the ASA (via hyperterminal) however I can't ping out from a host on the internal network (192.168.1.26).

I'm guessing that the NAT setup is wrong..? Can someone take a look at the attached config and point me in the right direction?

TIA,

H

8 Replies 8

andrew.prince
Level 10
Level 10

You NAT looks OK - but your dhcp does not have a DNS entry? How are you pinging google, by IP or name?

By IP (66.249.93.99)

can you ping the IP from the host on the inside - and on the asa post the output of "show xlate"

Cheers Andrew.

I can't ping the IP from the inside - only from the ASA itself. Show xlate is below.....

0 in use, 1 most used

-H

Sorry - I missed something critical, add the below and re-test:-

access-list acl-outside extended permit icmp any any echo-reply

access-list acl-outside extended permit icmp any any unreachable

access-list acl-outside extended permit icmp any any traceroute

access-list acl-outside extended permit icmp any any time-exceeded

access-group acl-outside in interface outside

Thats great Andrew. I didn't realise you had to explicitly allow the traffic back in. All working.

Can I be cheeky and ask 1 more question..?

I need to setup port forwarding to a citrix server. Presumably I need to add port 1494 to "acl-outside" but I'm not sure what the static NAT command should be - can you help?

Don't worry - I worked it out. thanks for your help!

OK - glad to help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: