ASA simple setup

I have a problem pinging from inside interface to outside interface and also from outside interface to interface. I have included the sh run and sh ver commands with this email. I wanted to try this simple setup first.

ciscoasa# sh run
ASA Version 7.0(7)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password xxx
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 209.x.x.225 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd xxx
ftp mode passive
access-list outside_access_in extended permit tcp any any
access-list inside_access_in extended permit tcp any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
asdm image disk0:/asdm-507.bin
arp timeout 14400
nat-control
global (outside) 10 209.165.200.230-209.165.200.240
global (outside) 10 10.10.10.1
global (inside) 10 interface
nat (inside) 10 0.0.0.0 0.0.0.0
nat (management) 10 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:xxx
: end

Re: ASA simple setup

The ASA doesn't let you ping a far-side interface. You can only ping the ASA interface that is closest to the source host of the ping.

The easiest way to configure ping *through* the firewall is to turn on ICMP inspection:

policy-map global_policy
 class inspection_default
  inspect icmp

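An added example, not part of the original thread and not Cisco tooling: a small Python check over the relevant lines of the posted running-config that reports what stands between this setup and a ping through the firewall, namely the missing "inspect icmp" in the global policy and the interface ACLs that permit only tcp. The function name audit_icmp, the trimmed sample config, and the simplified line matching (protocol keyword only, no object-groups) are assumptions of this example.

```python
import re

# Constructed sample: the ICMP-relevant lines of the running-config posted above.
SAMPLE_CONFIG = """\
access-list outside_access_in extended permit tcp any any
access-list inside_access_in extended permit tcp any any
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
service-policy global_policy global
"""

def audit_icmp(config):
    """Return findings explaining why ping through the ASA would fail."""
    inspects, current = {}, None   # policy-map name -> inspected protocols
    acl_protos = {}                # ACL name -> protocols it permits
    bindings = {}                  # interface -> ACL applied inbound
    global_policy = None           # policy-map attached with 'service-policy ... global'
    for raw in config.splitlines():
        line = raw.strip()         # indentation is not relied on, only keywords
        if m := re.match(r"policy-map (\S+)", line):
            current = m.group(1)
            inspects.setdefault(current, set())
        elif (m := re.match(r"inspect (\S+)", line)) and current:
            inspects[current].add(m.group(1))
        elif m := re.match(r"service-policy (\S+) global", line):
            global_policy = m.group(1)
        elif m := re.match(r"access-list (\S+) extended permit (\S+)", line):
            acl_protos.setdefault(m.group(1), set()).add(m.group(2))
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            bindings[m.group(2)] = m.group(1)
    findings = []
    if "icmp" not in inspects.get(global_policy, set()):
        findings.append("global policy has no 'inspect icmp'")
    for iface, acl in sorted(bindings.items()):
        if not acl_protos.get(acl, set()) & {"icmp", "ip"}:
            findings.append(f"{iface}: ACL {acl} permits no icmp, pings entering here hit the implicit deny")
    return findings

if __name__ == "__main__":
    for finding in audit_icmp(SAMPLE_CONFIG):
        print(finding)
```
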