I am trying to configure an ASA but I am overlooking something simple I think. Its been a few years since I have used an ASA. I am trying to get my PC on the Inside Network connected to Ethernet 0/1 on the ASA out to my router.
from the PC I can ping Eth 0/1 (IP 192.168..150.1)
From the ASA I can ping the Interface of the router (IP 10.1.20.1) and from the router I can ping Eth 0/0 on the ASA (IP 10.1.20.10)
I am not able to get the PC past the ASA's Eth 0/1 interface
I am wondering if it is NAT thats missing
PC ------------------------> ASA ---------------------------> Router
E 0/1 E0/0 FE 0/1
IP 192.168.150.2 192.168.150.1 10.1.20.10 10.1.20.1
Gateway of last resort is not set
C 192.168.150.0 255.255.255.0 is directly connected, Inside
C 10.1.20.0 255.255.255.0 is directly connected, Outside
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
access-list Inside_access_in; 3 elements
access-list Inside_access_in line 1 extended permit tcp host 192.168.150.2 10.1.20.0 255.255.255.0 eq www (hitcnt=0) 0xdcb4dc10
access-list Inside_access_in line 2 extended permit udp host 192.168.150.2 10.1.20.0 255.255.255.0 eq domain (hitcnt=0) 0xc6121d1b
access-list Inside_access_in line 3 extended permit icmp any any (hitcnt=100) 0xb34531ad
access-list Outside_access_in; 1 elements
access-list Outside_access_in line 1 extended permit icmp any any (hitcnt=0) 0x2d93ecad
Based on your configuration, the security levels that you set for the inside and the outside interfaces are the same - equal to 0.
Traffic will not pass between interfaces that have the same security level.
Either change one interface to have a different security level - typically the inside interface has a security level of 100 (most secure), or allow communication between interface that have the same security levels as documented here : http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/intparam.html#wpxref49092
Let me know if that helps.