I have a asa 5505, thats been working fine for a year and today it stopped working. I can't ping from any interface and none of my client can get out to the internet. Not sure what happened.
I can cant ping from the asa to any outside ip address
From the gateway/cable modem I can ping the outside.
I have a second Pfsense firewall thats working fine and can calso reach the outside
I got it to work by adding a rule that allows inside traffice from the local network, using the network object, out. WHy did this happen? It was working fine for a year and all of a sudden it stopped working. Packet tracer, showed that traffice was being blocked by an a global implicit rule,
Im not sure either, im restoring a known good backup configuration. It may have been an issue with the ISP. I think it was an IPS issue and while i was messing around with the firewall rules. they fixed the issue. After restoring the configuration, things are still working fine.
Let me ask you, since I am a big n00b when it comes to asas . Is there suppose to be an implicit rule: all traffic to less secure networks? At the beginngin of the ACLS? This rule appears to allow all inside traffic out. Only thing that throws me off is that it says (1 implicit incoming) , is this allow all outside traffice in? Does this look right?
As long as an interface on the ASA doesnt have any ACL attached to it the "security-level" of the interfaces determines to where it hosts behind it can connect to. Basically the hosts behind the interface with no ACL attached can connect to any networks located behind an interface which "security-level" is lower.
If the interface has an ACL attached then the ACL controls which traffic is allowed through.
Every ACL always has an Implicit Deny at the end which basically means that if the traffic was not allowed in the ACL rules then it will be blocked.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :