Cisco ASA5520 Basic configuration

Hello,



This is my 1st time trying to configure an ASA.



I'm trying to establish a very basic connection (ping) between 2 laptops, one sat on the outside interface, and one on the inside as per the diagram below:

Capture.JPG

I can ping back and forth from the ASA to 192.168.1.4, and to 10.1.1.1. However, what I'm trying to achieve is to be able to ping from 10.1.1.1 to 192.168.1.4 and vice versa.


I have attached the configuration file with this post as well.


I suspect it's something simple and silly that I did. Can you please help?


Many thanks,

Hi Haider,

You might just need to add this:

static (inside,outside) 192.168.1.4 192.168.1.4

Make sure you also put a default route on the 192.168.1.4 machine with the ASA inside interface as the gateway.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Many thanks for the reply.

It worked, however, I would like to know how!

:)

I already had the (nat and global) command configured on it. Is that not enough?

Also, should the command not be

static (inside,outside) 10.1.1.2 192.168.1.4 255.255.255.255 ? <= I tried it and got an error.

I want the inside address of 192.168.1.4 to be mapped to the outside interface address of 10.1.1.2.

When I do show xlate, I can see that the 192 address is shown as itself globally.

I look forward to your reply.

kr

H

Hi Haider,

The nat and global statements that you have are there to PAT the internal users when they go out of the outside interface; they are not for connections coming in.

If you want to nat the internal IP with the outside interface of the ASA, you would need:

static (inside,outside) interface 192.168.1.4

But I would not advise that, because this statement would block the complete IP address for the internal server only. I would rather suggest port forwarding, which means, you are using only a single port on that IP. Here's the config:

static (inside,outside) tcp interface 443 192.168.1.4 443

This should be done.

Hope that helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Also make sure you open the ACL on outside:

access-list 100 permit tcp any interface outside eq 443

Thanks,
Varun Rao
Security Team,
Cisco TAC

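Added example, not part of the thread and not Cisco tooling: a small audit that separates whole-host static translations from single-port forwards in a pre-8.3 ASA config and checks that each forward is permitted by an ACL actually applied to the mapped interface. The sample config is constructed, `audit` is a hypothetical helper, the `access-group` line is an assumption (the thread never shows the ACL being applied), and only the `interface` forms used in this thread are modelled.

```python
import re

# Constructed sample (pre-8.3 syntax), not the poster's config; access-group is assumed.
SAMPLE_CONFIG = """\
static (inside,outside) 192.168.1.4 192.168.1.4
static (inside,outside) tcp interface 443 192.168.1.4 443
static (inside,outside) tcp interface 8080 192.168.1.4 80
access-list 100 permit tcp any interface outside eq 443
access-group 100 in interface outside
"""

STATIC_RE = re.compile(
    r"^static \((?P<real_if>\S+),(?P<mapped_if>\S+)\) "
    r"(?:(?P<proto>tcp|udp) (?P<mapped>\S+) (?P<mport>\S+) \S+ \S+"
    r"|\S+ \S+)")
ACL_RE = re.compile(
    r"^access-list (?P<name>\S+) (?:extended )?permit (?P<proto>tcp|udp) "
    r"any interface (?P<ifc>\S+) eq (?P<port>\S+)")
GROUP_RE = re.compile(r"^access-group (?P<name>\S+) in interface (?P<ifc>\S+)")


def audit(config):
    """Return (static_line, verdict) for each static statement in the config."""
    lines = [line.strip() for line in config.splitlines()]
    # ACL name -> interface it is applied inbound on.
    bound = {m["name"]: m["ifc"] for m in map(GROUP_RE.match, lines) if m}
    # (interface, protocol, port) permitted by an ACL that is actually bound.
    permitted = set()
    for m in filter(None, map(ACL_RE.match, lines)):
        if bound.get(m["name"]) == m["ifc"]:
            permitted.add((m["ifc"], m["proto"], m["port"]))
    findings = []
    for line in lines:
        m = STATIC_RE.match(line)
        if not m:
            continue
        key = (m["mapped_if"], m["proto"], m["mport"])
        if m["proto"] is None:
            verdict = "whole-host: every port is translated, only the ACL limits exposure"
        elif m["mapped"] == "interface" and key in permitted:
            verdict = "port-forward: permitted by bound ACL"
        else:
            verdict = "port-forward: no bound interface ACL permits it"
        findings.append((line, verdict))
    return findings


if __name__ == "__main__":
    for line, verdict in audit(SAMPLE_CONFIG):
        print(f"{verdict}  <-  {line}")
```

Ports are compared as text, so a running config that prints `https` in one statement and `443` in another would need normalising first.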