
Internal Host Access

thomasmelvin
Level 1

I have an MPLS network, with a main site running hosted applications [10.10.x.x/21, Router - 10.10.0.254], and 3 other sites [10.11.x.x/21, 10.12.x.x/21 and 10.13.x.x/21; GW for each router at each site is 10.11.0.254/21, etc.].

I have the 10.10.x.x/21 network behind an ASA 5510. Its inside interface is 10.10.0.252/21. The entire 10.10.x.x/21 network is behind the ASA. None of the other sites can access the hosts on the 10.10.x.x/21, nor can the 10.10.x.x/21 hosts access the other sites.

******************************************************


Jon Marshall
Hall of Fame

Tom

1) Do the other sites have a route to 10.10.x.x/21?

2) Have you set up access on the ASA? So if you want the whole internal network to be accessible from the remote sites:

static (inside,outside) 10.10.x.x 10.10.x.x netmask 255.255.248.0

and then you need to have an access-list applied to the outside interface of your ASA allowing access, e.g.

access-list outside_in permit ip 10.11.x.x 255.255.248.0 10.10.x.x 255.255.248.0

etc...

access-group outside_in in interface outside

Note I have used IP in the ACL but you can tie it down to specific ports/IP addresses if you need to.

Jon
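
The note above about tying the ACL down, as an added example that is not part of the thread or of anyone's actual config. It reuses the subnets and the host 10.10.1.16 mentioned on this page; the HTTPS port and the choice of ICMP types are assumptions.

```cisco
! Added example. Use in place of the broad "permit ip" entry.
! Assumption: site 10.11.0.0/21 only needs HTTPS to host 10.10.1.16, plus ping.
access-list outside_in extended permit tcp 10.11.0.0 255.255.248.0 host 10.10.1.16 eq 443
access-list outside_in extended permit icmp 10.11.0.0 255.255.248.0 10.10.0.0 255.255.248.0 echo
! Replies to pings started from the inside arrive on the outside interface and
! must be permitted here unless ICMP inspection is enabled on the ASA.
access-list outside_in extended permit icmp 10.11.0.0 255.255.248.0 10.10.0.0 255.255.248.0 echo-reply
! Repeat the entries for 10.12.0.0/21 and 10.13.0.0/21, then bind the ACL.
access-group outside_in in interface outside
```

Anything not matched by these entries is dropped by the implicit deny at the end of the access-list.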

Jon,

Thanks for the reply.

1) Yes all sites have a route to the 10.10.0.0/21.

2) I added the static/acl and no change. I can't even ping.

Could you post the config of the ASA ?

Jon

Says it's too many characters...?

If you save it in a notepad or wordpad you should be able to add an attachment to your message.

Or you could try just pasting half of it into one message and the rest into another message.

Jon

Thanks Jon...

Here's my config.

As an FYI, I cannot get the Cisco VPN Client to work either :O)

Tom

Could you give an example of an IP address you are trying to access from a remote site and what the source IP address is as well? Also what TCP port you are trying to access on, so:

src IP address =

destination IP address =

Port number =

Jon

Jon, sure...

src IP address = 10.10.1.16

destination IP address = 10.11.0.254

Port number = 0 [STD PING]

The same is true for the opposite.
