Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Help with ASA 5510

We installed an ASA 5510 today and are having some problems. I can ping to the inside interface from my PC but can not get beyond that. From the ASA I can ping the outside workd no problem. Here is out config. Of course I removed our outside addresses, but they are correct as I can ping to and from them. Thank you for your help.

Jason

thompsonasa# sh run

: Saved

:

ASA Version 7.0(7)

!

hostname xxxxxxxxasa

domain-name xxxxxxxxx.local

enable password xxx

names

dns-guard

!

interface Ethernet0/0

nameif Outside

security-level 0

ip address x.x.x.x x.x.x.x

!

interface Ethernet0/1

nameif Inside

security-level 100

ip address 10.10.253.1 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

passwd xxx

ftp mode passive

pager lines 24

logging asdm informational

mtu management 1500

mtu Inside 1500

mtu Outside 1500

no failover

asdm image disk0:/asdm-507.bin

no asdm history enable

arp timeout 14400

global (Outside) 10 x.x.x.x-x.x.x.x netmask x.x.x.x

nat (Inside) 10 10.10.1.0 255.255.255.0

route Inside 10.10.1.0 255.255.255.0 10.10.1.1 1

route Outside 0.0.0.0 0.0.0.0 x.x.x.x 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 192.168.1.0 255.255.255.0 management

http 10.10.0.0 255.255.0.0 Inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd lease 3600

dhcpd ping_timeout 50

dhcpd enable management

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

Cryptochecksum:xxx

: end

5 REPLIES
New Member

Re: Help with ASA 5510

Got it. It won't work with a range of dynamic addresses. Any iedeas?

Jason

Re: Help with ASA 5510

Jason,

You are only NATing the 10.10.10.0/24 network, so anything behind inside interface other than 10.10.10.0 will not be nated.

your statement

nat (Inside) 10 10.10.1.0 255.255.255.0

do instead for anything behind inside interface

nat (inside) 10 0 0

HTH

-Jorge

New Member

Re: Help with ASA 5510

Jorge,

We are nating for the 10.10.1.0 network. When I put an address pool for the global addresses it fails. If I use PAT and use one address it works fine. Got internet access and inboung smtp working. Now I can not get OWA to work. This thing is going to kill me.

Jason

Re: Help with ASA 5510

Jason, btw.. that's an old code.. I would at least bring it to 7.2 , I have read lost of weird things on 7.0.7 even though is on GD stage.

Re: Help with ASA 5510

interface Ethernet0/0

nameif Outside

security-level 0

ip address x.x.x.x x.x.x.x

global (Outside) 10 x.x.x.x-x.x.x.x netmask x.x.x.x

nat (Inside) 10 10.10.1.0 255.255.255.0

route Inside 10.10.1.0 255.255.255.0 10.10.1.1 1

route Outside 0.0.0.0 0.0.0.0 x.x.x.x 1

What is x.x.x.x?

Could you make more wise replacement?

107
Views
0
Helpful
5
Replies