I see this is a popular one, but I can't see what I have done wrong.
the set-up is: a DSL modem in half bridge (it does all the PPPoE connection) passes our static IP (55.167.x.x) to the ASA's outside interface ... (the modem has an IP of 192.168.1.1, but not sure this matters)
then I have one inside interface on 192.168.43.1, which connects to a server and we have a working site-to-site VPN between this server and a client.. so I know most of it's set up right ... nothing else is on the 192.168.43.0/24 network.
the management interface is on 188.8.131.52/24 so it's out of the way and incidently connected to a dedcated PC, which also has console aqccess via the blue serial cable.
the last interface Main_Network is on the 192.168.0.0/24 network and it's this that I'm trying to get to work... at the moment I just have one Windows PC connected directly (does it need to go through a switch?) into the ASA for testing with a static IP (192.168.0.72), but I can't ping anything outside from the PC... only the ASA's interface (at 192.168.0.30).. I have the gateway on the PC set as 192.168.0.30 by the way.
The ASA can ping all the inside machines and anything I like outside.
Here's my config ... the static routes are there for when this replaces the current modem/router and the whole network plugs into the ASA.
ciscoasa(config)# show running-config
ASA Version 8.2(5)
enable password xxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
name 192.168.0.33 Mail02
name 150.101.x.x VOIP_ADSL
name 59.167.x.x SOHO_ADSL
description Internode VOIP
ip address dhcp setroute
description COnnects to the ME3 server for IPsec
ip address 192.168.43.1 255.255.255.0
description Connect to the main network
ip address 192.168.0.30 255.255.255.0
no ip address
ip address 184.108.40.206 255.255.255.0
ftp mode passive
dns domain-lookup Outside
dns server-group DefaultDNS
object-group protocol TCPUDP
access-list Outside_1_cryptomap extended permit ip 192.168.43.0 255.255.255.0 10
access-list Inside_nat0_outbound extended permit ip 192.168.43.0 255.255.255.0 1
access-list Inside_access_in extended permit ip 10.0.0.0 255.0.0.0 192.168.43.0
access-list Inside_access_in extended permit ip 192.168.43.0 255.255.255.0 10.0.
access-list outside extended permit ip any 192.168.0.0 255.255.255.0
access-list outside extended permit ip any any
access-list Main_Network_access_in extended permit ip 192.168.0.0 255.255.255.0
access-list Main_Network_access_in extended permit ip any 192.168.0.0 255.255.25
access-list Main_Network_nat0_outbound extended permit ip 192.168.0.0 255.255.25
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :