ASA5505(config)# interface Ethernet0/1 ASA5505(config-if)# no shut
ASA5505(config-if)# route outside 0.0.0.0 0.0.0.0 next hop on outside
ASA5505(config-if)# route inside 184.108.40.206 255.255.255.240 next hop inside
Then from the asdm I permited everything from inside to go out but I cannot get any traffic through. I can ping the outside if I source the outside interface but not if I source the inside. The logs would not show me anything.
I did a packet tracer and it indicates the implicit deny rule at the end of the access-list is stopping my traffic eventhough I have allow rules above it?
I also checked the box in the asdm to allow traffic to pass without NAT
Testing with Ping can be a real pain. The ASA will not pass ICMP traffic through it by default, and also, you cannot ping sourcing from the inside interface, the firewall will drop the response as no ICMP packets can be send or received through the far end Interface. That being said, if you ping from the inside interface, you should only ping inside resources, if you pinging with the outside, you can only ping the outside interface and so on.
Try with other TCP traffic such as RDP or any other protocol, but passing across, if you need to ping across you may need the inspection for ICMP.
Thanks for the quick response. I turned on icmp inspection but still could not get through. I have tried http and https as well with no success. Connected to the outside interface is a HAIPE encryption device that will allow you to GUI into it using https, but the ASA keeps denying all traffic.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...