Cisco ASA 5510

Unanswered Question
Apr 12th, 2009

I have one Cisco ASA5510 and I use Cisco ASDM 5.0 to configure the firewall. I set the eth0/0 IP as 192.168.1.1/24 and the eth0/1 IP as 192.168.10.1/24, running DHCP. The two interfaces are up. When I use HyperTerminal and try to ping from network 192.168.10.0/24, it succeeds. Then when I use the XP command prompt to ping, it is unsuccessful. How should this routing be implemented in the ASDM manager? Can somebody teach me? Thank you.

mohamed.aadil Sun, 04/12/2009 - 21:59

Hi Steven,

We need some more information, such as where your Windows XP computer is placed: is it on E0/0 or E0/1?

By default the Cisco ASA configures E0/0 as the outside interface, which is exposed to the internet, known as the unsecured zone (0%) and tagged as VLAN 2,

and E0/1 and the other ports are assigned to VLAN 2, and all these interfaces belong to the inside interface, which in firewall terms is known as the secured zone (100%).

As I mentioned above, outside is 0% secure and inside is 100%; these are percentages. For example, you can ping from the inside interface to the outside interface and you'll get the reply, but you can't ping from outside to inside because the firewall will block it by default.

Now that you have understood the concept, we have to create a static route from your ASDM with source 0.0.0.0 and destination also 0.0.0.0, and the gateway has to be set as 192.168.10.1 if your computers reside on interface e0/1.

Hope this will help you. Please reply with your update.

Thank you

Aadil

sohchingloong83 Sun, 04/12/2009 - 22:24

!
interface Ethernet0/0
 nameif Internet
 security-level 0
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif Local
 security-level 1
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
 nameif Local2
 security-level 2
 ip address 192.168.20.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 management-only
!
mtu Internet 1500
mtu Local 1500
mtu management 1500
mtu Local2 1500
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
nat (management) 0 0.0.0.0 0.0.0.0
route Internet 0.0.0.0 0.0.0.0 192.168.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username cisco password 3USUcOPFUiMCO4Jk encrypted
http server enable
http 192.168.1.0 255.255.255.0 Internet
http 192.168.10.0 255.255.255.0 Local
http 10.0.0.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.0 255.255.255.0 Internet
telnet 192.168.10.0 255.255.255.0 Local
telnet 10.0.0.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.10.10-192.168.10.20 Local
dhcpd address 10.0.0.10-10.0.0.20 management
dhcpd dns 202.188.0.133 202.188.1.5
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd domain 10.0.0.1
dhcpd auto_config management
dhcpd enable Local
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:ba81e7dc1530d31ed5c320621727f367
: end

ASA5510(config)# ping 192.168.20.1
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

ASA5510(config)# ping 192.168.20.1
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

ASA5510(config)# ping 202.188.0.133
Sending 5, 100-byte ICMP Echos to 202.188.0.133, timeout is 2 seconds:
No route to host 202.188.0.133
Success rate is 0 percent (0/1)

ASA5510(config)# sh route
S 192.168.0.0 255.255.0.0 [10/0] via 192.168.10.1, Internet
C 192.168.1.0 255.255.255.0 is directly connected, Internet
C 192.168.10.0 255.255.255.0 is directly connected, Local
C 192.168.20.0 255.255.255.0 is directly connected, Local2

ASA5510(config)# sh run
: Saved
:
ASA Version 7.0(7)
!
hostname ASA5510
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
multicast-routing
names
dns-guard
!
interface Ethernet0/0
 nameif Internet
 security-level 0
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif Local
 security-level 1
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
 nameif Local2
 security-level 2
 ip address 192.168.20.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 management-only
!
http server enable
http 192.168.1.0 255.255.255.0 Internet
http 192.168.10.0 255.255.255.0 Local
http 10.0.0.0 255.255.255.0 management

Thanks for the reply, but I cannot ping from network Local to network Local2 in the command prompt; I can only ping in HyperTerminal. Is there any command I have to add before I can ping?
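A review check over the configuration posted above, as an added example that is not part of the original thread: it parses the interface stanzas, then tests each static route's next hop against the named interface's subnet and the firewall's own addresses, and lists management access permitted on a security-level 0 interface. The function names and finding labels are illustrative assumptions; the embedded lines are a subset copied from the post.

```python
import ipaddress

# Lines copied from the configuration posted above (subset).
CONFIG = """\
interface Ethernet0/0
 nameif Internet
 security-level 0
 ip address 192.168.1.1 255.255.255.0
interface Ethernet0/1
 nameif Local
 security-level 1
 ip address 192.168.10.1 255.255.255.0
route Internet 0.0.0.0 0.0.0.0 192.168.10.1 1
http 192.168.1.0 255.255.255.0 Internet
telnet 192.168.1.0 255.255.255.0 Internet
telnet timeout 5
"""

def parse_interfaces(text):
    """Map each nameif to its security level and address."""
    ifaces, cur = {}, None
    for words in map(str.split, text.splitlines()):
        if words[:1] == ["interface"]:
            cur = None  # new stanza: wait for its nameif
        elif words[:1] == ["nameif"]:
            cur = ifaces.setdefault(words[1], {"level": None, "addr": None})
        elif cur is not None and words[:1] == ["security-level"]:
            cur["level"] = int(words[1])
        elif cur is not None and words[:2] == ["ip", "address"] and len(words) >= 4:
            cur["addr"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
    return ifaces

def audit(text):
    """Return (check, detail) findings for static routes and management access."""
    ifaces = parse_interfaces(text)
    own = {i["addr"].ip: n for n, i in ifaces.items() if i["addr"]}
    findings = []
    for words in map(str.split, text.splitlines()):
        if words[:1] == ["route"] and len(words) >= 5 and words[1] in ifaces:
            gw, addr = ipaddress.ip_address(words[4]), ifaces[words[1]]["addr"]
            if gw in own:  # a next hop must be a neighbouring device
                findings.append(("next-hop-is-self", f"{gw} is the firewall's {own[gw]} address"))
            if addr and gw not in addr.network:  # and must sit on the egress subnet
                findings.append(("next-hop-off-subnet", f"{gw} not in {addr.network} ({words[1]})"))
        elif words[:1] in (["http"], ["telnet"]) and words[-1] in ifaces:
            if ifaces[words[-1]]["level"] == 0:  # management reachable from level 0
                findings.append(("mgmt-on-level-0", " ".join(words)))
    return findings

if __name__ == "__main__":
    for check, detail in audit(CONFIG):
        print(f"{check}: {detail}")
```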

mohamed.aadil Mon, 04/13/2009 - 03:04

Hi,

Which interface is your PC sitting behind?

If your PC is sitting behind Local2 then you have to replace the static route from

route Internet 0.0.0.0 0.0.0.0 192.168.10.1 1

to

route local2 0.0.0.0 0.0.0.0 192.168.10.1 1

and make sure that, if you are connecting to the internet from the Internet interface, you have enabled NAT on that interface.

Please let us know your update.

AADIL
