
No connectivity between Inside host and Outside, DMZ hosts

Unanswered Question
Nov 4th, 2014

Dear All,

I built a simple network in GNS3 where I have an ASA with 3 interfaces. The eth1 interface of the ASA is connected to my Windows host machine (MS Loopback adapter), which represents an Inside host. Interface eth0 of the ASA is connected to an outside network, which is a Qemu host (microcore), and the third interface, eth2, represents the DMZ network, which is again a Qemu host (microcore).

The problem that I am facing is that I am not able to ping from my Inside host to the DMZ or Outside and vice versa. The security levels of all three interfaces of the ASA are set to 0 and I have enabled "allow traffic from one or more interfaces with the same level of security".

Any idea? You can refer to the images attached.

Thanks in advance

Vibhor Amrodia Tue, 11/04/2014 - 08:40
User Badges:
  • Cisco Employee,

Hi,

From these end devices, are you able to ping the connected interfaces on the ASA device? If yes, try to enable fixup protocol icmp and see if that resolves the issue.

Thanks and Regards,

Vibhor Amrodia

sabonasdasdasd Tue, 11/04/2014 - 08:55

My issue has been resolved, but I don't know exactly which of the several steps I performed resolved it.

First of all, I added a route in my Windows cmd for both the DMZ and Outside Qemu hosts, like this:

route add 192.168.3.2 mask 255.255.255.255 192.168.4.1   --> for outside host 

route add 172.16.1.2 mask 255.255.255.255 192.168.4.1    --> for DMZ  host

I also did this in my ASA command shell:

ASA(config)# policy-map global_policy
ASA(config-pmap)# class inspection_default
ASA(config-pmap-c)# inspect icmp

Another important thing I did was to set the default gateway of my Outside host to the IP address of the ASA interface that connects to that Outside Qemu host, like this:

ifconfig eth1 192.168.3.2 netmask 255.255.255.0 up
route add default gw 192.168.3.1       --> 192.168.3.1 is IP address of outside interface of ASA

I repeated the above step for the DMZ host, like below:

ifconfig eth1 172.16.1.2 netmask 255.255.255.0 up
route add default gw 172.16.1.1     --> 172.16.1.1 is ASA's DMZ interface IP

After doing the above three steps, I have full connectivity between my Inside host and the DMZ and Outside hosts.

I didn't get one thing, i.e. the ASA is not a router, so why did I need to add routes in Windows to communicate with the DMZ and Outside hosts? And why did I need to set the ASA's interface IPs as the default gateway for the DMZ and Outside Qemu hosts? Could you clarify my concepts? Thanks
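As an added illustration that is not part of the original thread: each end host picks its next hop by longest-prefix match over its own routing table, so the route commands in the post above change where packets for the other segments are sent. The sketch below models those tables before and after the commands; the /24 mask on the loopback adapter, the inside host address 192.168.4.2, and the physical-NIC default route via 10.0.0.1 are constructed assumptions, not values from the thread.

```python
import ipaddress

ON_LINK = "on-link"  # destination sits on a directly attached subnet

def next_hop(dst, routes):
    """Longest-prefix match over (prefix, gateway, interface) entries.
    Returns (gateway, interface), or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else (best[1], best[2])

# Inside Windows host before the fix. Assumed: /24 on the loopback adapter and
# a default route via a physical NIC (10.0.0.1 and "lan" are constructed).
inside_before = [
    ("192.168.4.0/24", ON_LINK, "loopback"),
    ("0.0.0.0/0", "10.0.0.1", "lan"),
]
# After the two "route add ... mask 255.255.255.255 192.168.4.1" commands.
inside_after = inside_before + [
    ("192.168.3.2/32", "192.168.4.1", "loopback"),
    ("172.16.1.2/32", "192.168.4.1", "loopback"),
]
# Outside microcore host: only its connected subnet until "route add default gw".
outside_before = [("192.168.3.0/24", ON_LINK, "eth1")]
outside_after = outside_before + [("0.0.0.0/0", "192.168.3.1", "eth1")]

INSIDE_HOST = "192.168.4.2"  # assumed address; the thread does not give it

if __name__ == "__main__":
    cases = [
        ("inside -> outside, before", inside_before, "192.168.3.2"),
        ("inside -> outside, after", inside_after, "192.168.3.2"),
        ("inside -> DMZ, after", inside_after, "172.16.1.2"),
        ("outside -> inside, before", outside_before, INSIDE_HOST),
        ("outside -> inside, after", outside_after, INSIDE_HOST),
    ]
    for label, table, dst in cases:
        print(f"{label:28} {dst:13} -> {next_hop(dst, table)}")
```
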
