No connectivity between Inside host and Outside, DMZ hosts
I built a simple network in GNS3 where I have an ASA with 3 interfaces. The eth1 interface of the ASA is connected to my Windows host machine (MS Loopback adapter), which represents an Inside host. Interface eth0 of the ASA is connected to an outside network, which is a Qemu host (microcore), and the third interface, eth2, represents the DMZ network, which is again a Qemu host (microcore).
The problem I am facing is that I am not able to ping from my Inside host to the DMZ or Outside, and vice versa. The security levels of all three ASA interfaces are set to 0, and I have enabled the option to allow traffic from one or more interfaces with the same level of security.
My issue has been resolved, but I don't know exactly which of the several steps I performed resolved it.
First of all, I added a route in my Windows cmd for both the DMZ and Outside Qemu hosts, like this:
route add 192.168.3.2 mask 255.255.255.255 192.168.4.1 --> for outside host
route add 172.16.1.2 mask 255.255.255.255 192.168.4.1 --> for DMZ host
I also did this in my ASA command shell:
ASA(config)# policy-map global_policy
ASA(config-pmap)# class inspection_default
ASA(config-pmap-c)# inspect icmp
Another important thing I did was set the default gateway of my Outside host to the IP address of the ASA interface that connects to that outside Qemu host, like this:
ifconfig eth1 192.168.3.2 netmask 255.255.255.0 up
route add default gw 192.168.3.1 --> 192.168.3.1 is the IP address of the outside interface of the ASA
I repeated the above step for the DMZ, as below:
ifconfig eth1 172.16.1.2 netmask 255.255.255.0 up
route add default gw 172.16.1.1 --> 172.16.1.1 is the ASA's DMZ interface IP
After doing the above three steps, I have full connectivity between my inside host and the DMZ and outside hosts.
There is one thing I didn't get, i.e. the ASA is not a router, so why did I need to add routes in Windows to communicate with the DMZ and outside hosts? And why did I need to set the ASA's interface IPs as the default gateway for the DMZ and Outside Qemu hosts? Could you clarify my concepts? Thanks
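The routing decisions behind the steps in the post above, as an added example that is not part of the original post: each host does a longest-prefix lookup, so the echo request needs a route at the sender and the echo reply needs one at the receiver, both pointing at the ASA interface on that host's own subnet. The inside subnet 192.168.4.0/24, the inside host address 192.168.4.2, the function names, and the "connected route only" starting tables are assumptions.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; gateway None = on-link.
    Returns the gateway, "on-link", or None when the host has no matching route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None
    return best[1] or "on-link"

def ping_path(src_routes, dst_routes, src_ip, dst_ip):
    """The echo request is routed by the sender, the echo reply by the receiver."""
    request = next_hop(src_routes, dst_ip)
    reply = next_hop(dst_routes, src_ip)
    return {"request_via": request, "reply_via": reply,
            "both_routed": request is not None and reply is not None}

# Constructed route tables. Assumed: inside subnet 192.168.4.0/24, inside host 192.168.4.2.
INSIDE_HOST = "192.168.4.2"
INSIDE_BEFORE = [("192.168.4.0/24", None)]           # connected route only
INSIDE_AFTER = INSIDE_BEFORE + [
    ("192.168.3.2/32", "192.168.4.1"),               # route add ... for outside host
    ("172.16.1.2/32", "192.168.4.1"),                # route add ... for DMZ host
]
OUTSIDE_BEFORE = [("192.168.3.0/24", None)]
OUTSIDE_AFTER = OUTSIDE_BEFORE + [("0.0.0.0/0", "192.168.3.1")]  # route add default gw
DMZ_BEFORE = [("172.16.1.0/24", None)]
DMZ_AFTER = DMZ_BEFORE + [("0.0.0.0/0", "172.16.1.1")]

if __name__ == "__main__":
    for name, src, dst, ip in [
        ("no routes added", INSIDE_BEFORE, OUTSIDE_BEFORE, "192.168.3.2"),
        ("Windows routes only", INSIDE_AFTER, OUTSIDE_BEFORE, "192.168.3.2"),
        ("outside host fixed", INSIDE_AFTER, OUTSIDE_AFTER, "192.168.3.2"),
        ("DMZ host fixed", INSIDE_AFTER, DMZ_AFTER, "172.16.1.2"),
    ]:
        print(name, ping_path(src, dst, INSIDE_HOST, ip))
```

The lookup covers host routing only; whether the ASA forwards the packets depends on its own policy, which this sketch does not model.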
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...