11-06-2013 05:39 AM - edited 03-11-2019 08:01 PM
Guys:
ASA firewall IOS version 9.0
pc1--(inside)-----ASA-----(outside)----pc2
I want pc1 and pc2 to be able to ping each other and visit each other.
As with a router, I do not want to use NAT. How can I do this?
If you can, please give me some configuration.
Thank you very much.
11-06-2013 05:43 AM
Hi,
Well it pretty much depends on the setup.
If you only have a firewall deployed between 2 internal networks then you don't need NAT configurations at all. Naturally you will have to allow the traffic in the interface ACLs in question and make sure all route configurations are correct if there are more devices than the ASA involved.
It's hard to give any configurations when we don't know any address spaces and other related information.
- Jouni
11-06-2013 05:52 AM
Thank you very much.
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 2.2.2.1 255.255.255.0
!
access-list 111 permit icmp any any
access-list 111 permit ip any any
access-group 111 in interface inside
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 2.2.2.2

PC1 IP 1.1.1.2
mask 255.255.255.0
gateway 1.1.1.1

PC2 IP 2.2.2.2
mask 255.255.255.0
gateway 2.2.2.1

Now pc1 can ping pc2, but pc2 cannot ping pc1.
11-06-2013 06:24 AM
Hi,
Let's use "packet-tracer" to test.
Insert this command in the CLI of the ASA and post the output (if you have changed the actual IP addresses then use the real ones in the command):
packet-tracer input outside icmp 2.2.2.2 8 0 1.1.1.2
Though there is always a chance that a software firewall on the PC1 is blocking the ICMP and simply doesn't reply to the ICMP Echo at all. That might be worth checking out.
- Jouni
11-06-2013 06:34 AM
pc1 <------> pc2
Without the ASA, they can connect through to each other.
Does the firewall configuration have a problem?
What do you think?
Thanks
11-06-2013 06:36 AM
Hi,
I posted the "packet-tracer" command that you should issue on the ASA to tell us if there is a problem.
Without it I can't really tell what the problem is.
Post the output.
- Jouni
11-07-2013 10:13 PM
Please check the PC firewall settings; in some cases antivirus settings also have network protection. Also check the ARP table and logs on the ASA, but as Jouni indicates, please forward the packet-tracer output.
11-09-2013 09:23 PM
Do you still need assistance?
Please rate our assistance.