Unanswered Question
Apr 2nd, 2009

I want to start by thanking everyone for taking the time to read this. We currently have a Fortigate firewall in place. We have multiple VLANs separating our VoIP phone system from the rest of our traffic, and we also separate out our guest wireless network. We just bought an ASA 5540. I have set up ASAs before and I seem to always miss one little detail, and I'm so mad at myself when I contact the TAC and they fix it within mins. So hopefully someone here can help me. I can ping the internal interface but nothing past that from the inside.

srue Thu, 04/02/2009 - 18:40

Try removing all of your ICMP ACLs and access-group commands.

Instead, try turning on ICMP inspection globally:

policy-map global_policy
 class inspection_default
  inspect icmp

j_Pearcy00 Thu, 04/02/2009 - 18:57

I should have been more detailed on my problem. It isn't just ICMP that is not getting from the inside to the rest of the world. It's everything. I know my default route is right because I'm able to ping the outside interface from a machine out on the web.

vikram_anumukonda Thu, 04/02/2009 - 19:03

Are the interface names in the NAT statement correct? I don't see an IP address assigned to an interface named Inside.

global (Outside) 1 interface
nat (Inside) 1 outside

j_Pearcy00 Thu, 04/02/2009 - 19:53

Do I have to add the Nat (Interface) 1 outside for each VLAN?

vikram_anumukonda Thu, 04/02/2009 - 21:30

nat (Internal) 1
nat (Vlan_Phones) 1
global (Outside) 1 interface
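
An added example, not part of the thread or of anyone's actual configuration: a small Python lint for the checks discussed above (each nat statement names an interface that exists, each inside interface has its own nat statement, each nat id has a matching global). It assumes the pre-8.3 `nat`/`global` syntax used in this thread; the sample configuration, its addresses and the `lint_nat` helper are constructed for illustration.

```python
import re

# Constructed sample in pre-8.3 ASA syntax; names and addresses are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
interface GigabitEthernet0/1
 nameif Internal
 security-level 100
 ip address 10.0.0.1 255.255.255.0
interface GigabitEthernet0/1.20
 nameif Vlan_Phones
 security-level 100
 ip address 10.0.20.1 255.255.255.0
global (Outside) 1 interface
nat (Inside) 1 0.0.0.0 0.0.0.0
"""

RULE_RE = re.compile(r"^(nat|global) \((\S+)\) (\d+)\b")

def lint_nat(config):
    """Return findings about nat/global statements versus the defined nameifs."""
    levels = {}      # lower-cased nameif -> security level
    current = None   # nameif of the interface block being read
    rules = []       # (keyword, interface name, nat id)
    for line in config.splitlines():
        text = line.strip()
        if text.startswith("interface "):
            current = None
        elif text.startswith("nameif "):
            current = text.split()[1].lower()
            levels[current] = 0
        elif text.startswith("security-level ") and current:
            levels[current] = int(text.split()[1])
        elif (m := RULE_RE.match(text)):
            rules.append(m.groups())
    findings = []
    global_ids = {nid for kw, _, nid in rules if kw == "global"}
    for kw, name, nid in rules:
        if name.lower() not in levels:
            findings.append(f"{kw} ({name}) {nid}: no interface has nameif {name}")
        if kw == "nat" and nid != "0" and nid not in global_ids:
            findings.append(f"nat ({name}) {nid}: no global statement with id {nid}")
    natted = {name.lower() for kw, name, _ in rules if kw == "nat"}
    for name, level in levels.items():
        if level > 0 and name not in natted:
            findings.append(f"interface {name}: no nat statement")
    return findings
```

Run against the constructed sample, `lint_nat(SAMPLE_CONFIG)` reports the nat statement that names a non-existent `Inside` interface and the two inside interfaces left without a nat statement.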

