ASA 5510 configuration problem

Unanswered Question
May 1st, 2009

Dear All,

I am configuring my ASA 5510 but having some problems,

I am placing ASA very next to Router,

1- Router (Directly attached with Internet via live IP)

2-ASA (Connected with Router)

3-ASA DMZ interface (Servers are connected with it)

4-ASA other fa interface connected with Core switch (3560)

Vlans are configured on 3560 and inter vlan routing is in place via ACLs

OSPF is running on ASA, Core switch and Router,


Users in Core switch Vlans can communicate with ASA but cannot communicate with DMZ

Cannot communicate with Internet Router

Router, Switch and ASA are showing Routes in their Routing Tables, but are unable to ping...

Please advise, whether is there any other configuration required on ASA,

ASA can communicate with Core switch Vlan Users, DMZ and Internet,


DMZ is unable to communicate with Core

DMZ is unable to communicate with Internet




I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
mdombek_biz Sat, 05/02/2009 - 00:43

Additional to Andrew I would have a look at your security levels for the DMZ interface. If you have set it to 0 you will not be able to communicate with internet and Inside .. since the ASA denies traffic from lower (or equal) level interfaces. So you can't by default communicate from 0 to 100 or 0 to 0 ....

but first i would really check the NAT

cheers Michael

junshah22 Sat, 05/02/2009 - 02:17

Dear Michael,

I set my security level for all interfaces is 50

security level 50 for DMZ

50 for Inside

50 for Outside

secondly,, I haven't applied NAT... NATING is performed by Router

junshah22 Sat, 05/02/2009 - 03:01

What security level do you suggest for DMZ, Inside and Outside,


This Discussion