Cisco Support Community
ASA 5510 configuration problem

Dear All,

I am configuring my ASA 5510 but having some problems.

I am placing the ASA right next to the router:

1- Router (directly attached to the Internet via live IP)

2- ASA (connected to the router)

3- ASA DMZ interface (servers are connected to it)

4- ASA other fa interface, connected to the core switch (3560)

VLANs are configured on the 3560 and inter-VLAN routing is in place via ACLs.

OSPF is running on the ASA, core switch and router.

PROBLEM

Users in the core switch VLANs can communicate with the ASA but cannot communicate with the DMZ.

They cannot communicate with the Internet router.

The router, switch and ASA are showing routes in their routing tables, but are unable to ping...

Please advise whether there is any other configuration required on the ASA.

The ASA can communicate with the core switch VLAN users, the DMZ and the Internet,

BUT

DMZ is unable to communicate with Core

DMZ is unable to communicate with Internet

PLEASE HELP,

REGARDS,

JUNAID

6 REPLIES

Re: ASA 5510 configuration problem

Check your NAT - have you configured it correctly?

Check your interface security levels - have you configured them correctly?

Check your access-lists to allow traffic from lower security levels to higher security levels.

The ASA is a FIREWALL, NOT a router.

Below are some config guides to assist you in troubleshooting your config:

http://www.cisco.com/en/US/products/ps6120/tsd_products_support_configure.html

HTH

Re: ASA 5510 configuration problem

In addition to Andrew's points, I would have a look at your security levels for the DMZ interface. If you have set it to 0, you will not be able to communicate with the internet and inside, since the ASA denies traffic from lower (or equal) level interfaces. So you can't by default communicate from 0 to 100 or 0 to 0.

But first I would really check the NAT.

Cheers, Michael

Re: ASA 5510 configuration problem

Dear Michael,

I set the security level for all interfaces to 50:

security level 50 for DMZ

50 for Inside

50 for Outside

Secondly, I haven't applied NAT... NATing is performed by the router.

Re: ASA 5510 configuration problem

What security level do you suggest for DMZ, Inside and Outside?

Re: ASA 5510 configuration problem

Outside - 0

DMZ - 50

Inside - 100

You then control what can access the inside from the outside/dmz. You can also control what can access the dmz from the outside. The inside can access everything by default.
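The security-level rule discussed in this thread can be checked mechanically. The following is an added example, not part of the original posts: it parses `nameif`, `security-level`, `same-security-traffic` and `access-group` lines from an ASA config and reports which interface pairs can initiate connections. The interface names (Ethernet0/x) and the sample configs are constructed; the model covers only the security-level rule, not NAT or ICMP inspection.

```python
import re
from itertools import permutations

def sample(outside, inside, dmz):
    """Constructed sample config; Ethernet0/x names are assumptions, not from the thread."""
    return (f"interface Ethernet0/0\n nameif outside\n security-level {outside}\n"
            f"interface Ethernet0/1\n nameif inside\n security-level {inside}\n"
            f"interface Ethernet0/2\n nameif dmz\n security-level {dmz}\n")

AS_POSTED = sample(50, 50, 50)      # every interface at level 50, as in the thread
AS_SUGGESTED = sample(0, 100, 50)   # outside 0, dmz 50, inside 100, as suggested

def parse_asa(config):
    """Return (nameif -> level, same-security flag, nameif -> inbound ACL name)."""
    levels, acl_in, name, same_ok = {}, {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = None                                  # new block, nameif not seen yet
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
            levels[name] = 100 if name == "inside" else 0   # ASA default levels
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif line == "same-security-traffic permit inter-interface":
            same_ok = True
        elif m := re.fullmatch(r"access-group (\S+) in interface (\S+)", line):
            acl_in[m.group(2)] = m.group(1)
    return levels, same_ok, acl_in

def initiation_matrix(config):
    """Map (src, dst) -> 'permit', 'deny' or 'acl:<name>' for new connections."""
    levels, same_ok, acl_in = parse_asa(config)
    result = {}
    for src, dst in permutations(levels, 2):
        if levels[src] == levels[dst] and not same_ok:
            verdict = "deny"                 # equal levels are blocked, ACL or not
        elif src in acl_in:
            verdict = f"acl:{acl_in[src]}"   # an inbound ACL replaces the implicit rule
        elif levels[src] >= levels[dst]:
            verdict = "permit"               # higher to lower, or equal with the flag set
        else:
            verdict = "deny"                 # lower to higher needs an ACL
        result[(src, dst)] = verdict
    return result

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("as suggested", AS_SUGGESTED)):
        print(label, initiation_matrix(cfg))
```

With every interface at 50, all six directions come back `deny`, which matches the symptoms in the first post; with 0/50/100, only lower-to-higher directions remain denied until an ACL is bound to the source interface.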
