Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
2
Replies

ASA5510 setup

SOL10
Level 1
Level 1

‎04-14-2008 06:49 AM - edited ‎03-11-2019 05:30 AM

hi there

i have an ASA5510 with the following setup:

e0 - outside interface-212.188.x.x/28

e1 - inside if - 192.168.3.x/24 into 2960sw pport 10 vlan 1-switchport access

e2 - dmz if - 172.16.x.x/24 into port 14 vlan 40 switchport access.

linux server plugged into port 14 vlan40 ip 172.16.x.x/24 g/w dmz interface.

windows server plugged into port 15 vlan1 ip 192.16.3.x/24. g/w inside interface

both the windows server and linux server can ping their default gateways but i cant seem to ping each server across the network or establish an ssh connection to the liinux box.

the sh route command on the asa shows the 3 connected n/w (outside,inside&dmz).

I can get to the internet fromt the inside thatis ok

when i try to ping the windows erver from the linuxbox i get network unreachable. below are the access lists:

access-list 106 line 1 extended permit tcp host 192.168.3.x host 172.16.10.x eq ssh (hitcnt=9)

access-list 106 line 2 extended permit icmp any any (hitcnt=148)

access-list 106 line 3 extended permit ip any any (hitcnt=122)

access-group 106 in interface inside

Any ideas? Plese help as im really baffled.

Thnkx

Labels:
0 Helpful
2 Replies 2

acomiskey
Level 10
Level 10

‎04-14-2008 07:26 AM

Try adding...

static (inside,dmz) 192.168.3.0 192.168.3.0 netmask 255.255.255.0

You will also need an acl applied into the dmz interface to allow the icmp reply traffic, or to initiate communication from the dmz to the inside.

access-list dmz extended permit icmp any 192.168.3.0 255.255.255.0

access-list dmz extended deny ip any 192.168.3.0 255.255.255.0

access-list dmz permit ip any any

access-group dmz in interface dmz

Hope that helps.

0 Helpful

SOL10
Level 1
Level 1
In response to acomiskey

‎04-14-2008 07:41 AM

thanks for your reply.

it was more to do with the linux box rather than the asa. sorted out after i had to add a static route for the connected nw and also a default route

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card