
ASA 5510 configuration problem

junshah22
Level 1

Dear All,

I am configuring my ASA 5510 but having some problems,

I am placing ASA very next to Router,

1- Router (Directly attached with Internet via live IP)

2-ASA (Connected with Router)

3-ASA DMZ interface (Servers are connected with it)

4-ASA other fa interface connected with Core switch (3560)

Vlans are configured on 3560 and inter vlan routing is in place via ACLs

OSPF is running on ASA, Core switch and Router,

PROBLEM

Users in Core switch Vlans can communicate with ASA but cannot communicate with DMZ

Cannot communicate with Internet Router

Router, Switch and ASA are showing Routes in their Routing Tables, but are unable to ping...

Please advise whether there is any other configuration required on ASA,

ASA can communicate with Core switch Vlan Users, DMZ and Internet,

BUT

DMZ is unable to communicate with Core

DMZ is unable to communicate with Internet

PLEASE HELP,

REGARDS,

JUNAID

6 Replies

andrew.prince
Level 10

Check your NAT - have you configured it correctly?

Check your interface security levels - have you configured them correctly?

Check your access-lists to allow traffic from lower security levels to higher security levels.

The ASA is a FIREWALL NOT a router.

Below are some config guides to assist you in troubleshooting your config:

http://www.cisco.com/en/US/products/ps6120/tsd_products_support_configure.html

HTH

In addition to Andrew's points, I would have a look at your security level for the DMZ interface. If you have set it to 0 you will not be able to communicate with the Internet and Inside, since the ASA denies traffic from lower (or equal) level interfaces. So you can't by default communicate from 0 to 100 or 0 to 0.

But first I would really check the NAT.

Cheers, Michael

Dear Michael,

I set my security level for all interfaces to 50

security level 50 for DMZ

50 for Inside

50 for Outside

Secondly, I haven't applied NAT... NATing is performed by the Router

What security level do you suggest for DMZ, Inside and Outside?

Outside - 0

DMZ - 50

Inside - 100

You then control what can access the inside, from the outside/dmz. You can also control what can access the dmz from the outside. The inside can access everything as default.
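
The security levels suggested in the reply above, written out as an ASA configuration fragment. This is an added example, not configuration posted by anyone in the thread; the interface numbers, IP addresses, the ACL name `DMZ_IN` and the permitted host/port are constructed assumptions, and `global_policy` / `inspection_default` are the ASA's default policy names.

```cisco
! Before (as described in the thread): outside, inside and dmz all at level 50.
! The ASA drops traffic between interfaces that share a security level unless
! "same-security-traffic permit inter-interface" is configured.
!
! After: distinct levels, outside 0 / dmz 50 / inside 100.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.252
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 10.0.50.1 255.255.255.0
!
! Higher-to-lower traffic (inside -> dmz, inside -> outside, dmz -> outside)
! is allowed by default. Lower-to-higher traffic (dmz -> inside) needs an
! explicit permit. Once an ACL is bound inbound on dmz it ends in an implicit
! deny, so traffic from dmz towards outside must be permitted in it as well.
!
! 1) One constructed DMZ server may reach one constructed inside host on 443.
access-list DMZ_IN extended permit tcp host 10.0.50.10 host 10.0.10.20 eq 443
! 2) Everything else from the DMZ towards the inside address space is denied.
access-list DMZ_IN extended deny ip 10.0.50.0 255.255.255.0 10.0.0.0 255.255.0.0
! 3) Remaining DMZ traffic (towards the router / Internet) is permitted.
access-list DMZ_IN extended permit ip 10.0.50.0 255.255.255.0 any
access-group DMZ_IN in interface dmz
!
! Ping as a test: ICMP is not inspected by default, so echo replies arriving
! on a lower-security interface are dropped. Enabling ICMP inspection lets the
! replies to pings that started on a higher-security interface pass.
policy-map global_policy
 class inspection_default
  inspect icmp
```

`show nameif` lists the level assigned to each interface, and `packet-tracer` shows which rule permits or drops a given flow.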
