Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Firewall questions ●●●●●●

guys:

ASA firewall ios version 9.0

pc1--(inside)-----ASA-----(outside)----pc2

i want  pc1 and pc2  can  ping  each  each other, and  can   Visit each other .

if  like a router, do not use nat .   how can i do ??

If you can give me some configuration

thank you verymuch....

7 REPLIES
Super Bronze

ASA Firewall questions ●●●●●●

Hi,

Well it pretty much depends on the setup.

If you only have a firewall deployed between 2 internal networks then you dont need NAT configurations at all. Naturally you will have to allow the traffic in the interface ACLs in question and make sure all route configurations are correct if there is more devices than the ASA involved.

Its hard to give any configurations when we dont know any address spaces and other related information.

- Jouni

New Member

ASA Firewall questions ●●●●●●

thank you verymuch.

interface GigabitEthernet0/0

nameif inside

security-level 100

ip address 1.1.1.1  255.255.255.0

!

interface GigabitEthernet0/1

nameif outside

security-level 0

ip address 2.2.2.1  255.255.255.0

access-list  111   permit icmp any any

access-list  111   permit ip any any

access-group 111 in interface inside

access-group 111 in interface outside

route outside 0.0.0.0 0.0.0.0   2.2.2.2

PC1  IP 1.1.1.2

      mask 255.255.255.0

      gateway 1.1.1.1

PC2 IP  2.2.2.2

mask 255.255.255.0

      gateway 2.2.2.1

now, pc1 can  ping  pc2 .  but  pc2 can not ping  pc1.

Super Bronze

Re: ASA Firewall questions ●●●●●●

Hi,

Lets use "packet-tracer" to test.

Insert this command in the CLI of the ASA and post the output (if you have changed the actual IP address then use the real ones in the command)

packet-tracer input outside icmp 2.2.2.2 8 0 1.1.1.2

Though there is always a chance that a software firewall on the PC1 is blocking the ICMP and simply doesnt reply to the ICMP Echo at all. That might be worth checking out.

- Jouni

New Member

Re: ASA Firewall questions ●●●●●●

pc1 <------> pc2     

if without the asa , they Can be connected to each other through

the   firewall configuration  have   problem ?

What do you think  

thanks

Super Bronze

ASA Firewall questions ●●●●●●

Hi,

I posted the "packet-tracer" command that you should issue on the ASA to tell us if there is a problem.

Without I can't really tell what the problem is.

Post the output

- Jouni

Silver

ASA Firewall questions ●●●●●●

Please check PC firewall settings, in some case also antivirus settings have network protection. Also check ARP table and logs on the ASA but as Jouni indicates please forward packet-tracer output.

Value our effort and rate the assistance!
Silver

ASA Firewall questions ●●●●●●

Do you still need assistance?

Please rate our assistnce

Value our effort and rate the assistance!
267
Views
0
Helpful
7
Replies
CreatePlease login to create content