08-17-2010 05:47 AM - edited 03-11-2019 11:26 AM
Hello all,
I have the following structure:
lan - asa - router - internet.
And I would like to give internet access to machines inside my network.
With the current config, from inside I can ping the inside interface on the Cisco router, and it stops there.
Below are my configs showing what I'm doing:
Router
===================================================
interface FastEthernet0/0
description Outside
no ip address
no ip redirects
no ip proxy-arp
duplex auto
speed auto
no snmp ifindex persist
service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet0/0.1
description Internet_Interface
encapsulation dot1Q 1 native
ip address 10.10.178.20 255.255.255.0
ip virtual-reassembly
!
interface FastEthernet0/1.501
description internet_inside_vlan
encapsulation dot1Q 501
ip address 10.1.1.1 255.255.255.252
!
interface FastEthernet0/1.502
description dmz_inside_vlan
encapsulation dot1Q 502
ip address 10.1.2.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 10.10.178.20 (outside ip)
ip nat source static 10.1.1.2 10.10.178.20
ASA
==========================================
!
interface Ethernet0/0
no nameif
no security-level
no ip address
!
interface Ethernet0/0.501
description outside_internet
vlan 501
nameif outside_1
security-level 0
ip address 10.1.1.2 255.255.255.0
!
interface Ethernet0/0.502
description outside_dmz
vlan 502
nameif outside_2
security-level 0
ip address 10.1.2.2 255.255.255.0
!
interface Ethernet0/1
no nameif
no security-level
no ip address
!
interface Ethernet0/1.10
description users_lan
vlan 10
nameif inside_1
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/1.20
description serv_farm
vlan 20
nameif inside_2
security-level 100
ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/1.40
description telephony
vlan 40
nameif inside_3
security-level 100
ip address 192.168.40.1 255.255.255.0
!
interface Ethernet0/1.50
description guest_lan
vlan 50
nameif inside_4
security-level 100
ip address 192.168.50.1 255.255.255.0
!
interface Ethernet0/2
description dmz
shutdown
nameif dmz
security-level 50
ip address 192.168.30.1 255.255.255.0
!
interface Management0/0
nameif management
security-level 0
ip address 192.168.60.20 255.255.255.0
management-only
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_1_in extended permit tcp any host 10.1.1.1 log
access-list permit_all extended permit tcp any any log
access-list permit_all extended permit icmp any any log
access-list permit_all extended permit udp any any log
global (outside_1) 1 interface
nat (inside_1) 1 192.168.10.0 255.255.255.0
nat (inside_1) 1 192.168.20.0 255.255.255.0
nat (inside_1) 1 192.168.30.0 255.255.255.0
nat (inside_1) 1 192.168.40.0 255.255.255.0
nat (inside_1) 1 192.168.50.0 255.255.255.0
static (inside_1,inside_2) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
static (inside_2,inside_1) 192.168.20.0 192.168.20.0 netmask 255.255.255.0
static (dmz,outside_2) interface 192.168.30.5 netmask 255.255.255.255
access-group permit_all in interface outside_1
access-group permit_all out interface inside_1
access-group permit_all out interface inside_2
access-group permit_all in interface management
route outside_1 0.0.0.0 0.0.0.0 10.1.1.1 1
08-17-2010 06:24 AM
Hello,
You are missing a couple of NAT configurations on the router.
interface FastEthernet0/0.1
description Internet_Interface
encapsulation dot1Q 1 native
ip address 10.10.178.20 255.255.255.0
ip nat outside - Missing
ip virtual-reassembly
!
interface FastEthernet0/1.501
description internet_inside_vlan
encapsulation dot1Q 501
ip nat inside - Missing
ip address 10.1.1.1 255.255.255.252
Hope this helps.
Regards,
NT
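The condition the reply points at can be checked mechanically before a config is pushed. The following is an added example, not code from either poster: a small Python audit that reads an IOS-style config and reports when NAT translation rules exist but no interface carries `ip nat inside` or `ip nat outside`. The sample config is constructed from the router lines in the question, and the function names `parse` and `audit` are hypothetical.

```python
import re

# Constructed sample: router interfaces and NAT rule from the question (trimmed).
ROUTER_CFG = """\
interface FastEthernet0/0.1
 description Internet_Interface
 ip address 10.10.178.20 255.255.255.0
!
interface FastEthernet0/1.501
 description internet_inside_vlan
 ip address 10.1.1.1 255.255.255.252
!
ip nat source static 10.1.1.2 10.10.178.20
"""

# Interface-level NAT role: nothing may follow the keyword.
ROLE_RE = re.compile(r"ip nat (inside|outside|enable)$")
# Global translation rule: always contains the "source" keyword.
RULE_RE = re.compile(r"ip nat (inside |outside )?source ")

def parse(cfg):
    """Return ({interface: set of NAT roles}, [global NAT rules])."""
    roles, rules, current = {}, [], None
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            roles[current] = set()
        elif line == "!":
            current = None  # end of the interface stanza
        elif current and ROLE_RE.match(line):
            roles[current].add(ROLE_RE.match(line).group(1))
        elif RULE_RE.match(line):
            rules.append(line)
    return roles, rules

def audit(cfg):
    """List missing NAT roles when translation rules are defined."""
    roles, rules = parse(cfg)
    have = set().union(*roles.values())
    # Assumption added here, not from the thread: `ip nat enable` on an
    # interface is accepted in place of inside/outside.
    if not rules or "enable" in have:
        return []
    return [f"NAT rule present but no interface has 'ip nat {need}'"
            for need in ("inside", "outside") if need not in have]

if __name__ == "__main__":
    for finding in audit(ROUTER_CFG):
        print(finding)
```

Run against the question's router config it reports both roles as missing; with the two lines from the reply added under the respective interfaces it reports nothing.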