11-04-2014 07:20 AM - edited 03-11-2019 10:01 PM
Dear All,
I built a simple network in GNS3 where I have an ASA with 3 interfaces. The eth1 interface of the ASA is connected to my Windows host machine (MS Loopback adapter), which represents an inside host. Interface eth0 of the ASA is connected to an outside network, which is a Qemu host (microcore), and the third interface, eth2, represents the DMZ network, which is again a Qemu host (microcore).
The problem that I am facing is that I am not able to ping from my inside host to the DMZ or outside, and vice versa. The security levels of all three interfaces of the ASA are set to 0 and I have enabled allow traffic from one or more interfaces with the same level of security.
Any idea? You can refer to the images attached.
Thanks in advance
11-04-2014 08:40 AM
Hi,
From these end devices, are you able to ping the connected interfaces on the ASA device? If yes, try to enable fixup protocol icmp and see if that resolves the issue.
Thanks and Regards,
Vibhor Amrodia
11-04-2014 08:55 AM
My issue has been resolved, but I don't know exactly which of the several steps I performed resolved it.
First of all, I added a route in my Windows cmd for both the DMZ and outside Qemu hosts, like this:
route add 192.168.3.2 mask 255.255.255.255 192.168.4.1 --> for outside host
route add 172.16.1.2 mask 255.255.255.255 192.168.4.1 --> for DMZ host
I also did this in my ASA command shell:
ASA(config)# policy-map global_policy
ASA(config-pmap)# class inspection_default
ASA(config-pmap-c)# inspect icmp
Another important thing I did was set the default gateway of my outside host to the IP address of the ASA interface that connects to that outside Qemu host, like this:
ifconfig eth1 192.168.3.2 netmask 255.255.255.0 up
route add default gw 192.168.3.1 --> 192.168.3.1 is IP address of outside interface of ASA
I repeated the above step for the DMZ, like below:
ifconfig eth1 172.16.1.2 netmask 255.255.255.0 up
route add default gw 172.16.1.1 --> 172.16.1.1 is ASA's DMZ interface IP
After doing the above three steps, I have full connectivity between my inside host and the DMZ and outside hosts.
There is one thing I didn't get: the ASA is not a router, so why did I need to add a route in Windows to communicate with the DMZ and outside hosts, and why did I need to set the ASA's interface IPs as the default gateway for the DMZ and outside Qemu hosts? Could you clarify these concepts for me? Thanks
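The routing steps from the last post, modelled as an added example that is not part of the original thread: a longest-prefix-match lookup on each host's route table shows whether the echo request and the echo reply are each handed to the ASA interface on that host's own segment. Assumptions not taken from the thread: the inside host address 192.168.4.2, a /24 mask on the inside network, and a Windows default route via 10.0.0.1 on a physical NIC.

```python
import ipaddress

# Constructed route tables: (prefix, gateway, interface).
# From the thread: 192.168.4.1 = ASA inside, 192.168.3.1 = ASA outside,
# 192.168.3.2 = outside host, 172.16.1.2 = DMZ host.
# Assumed: inside host 192.168.4.2/24, Windows default route via 10.0.0.1.
WINDOWS_BEFORE = [
    ("192.168.4.0/24", "on-link", "loopback"),
    ("0.0.0.0/0", "10.0.0.1", "physical-nic"),
]
WINDOWS_AFTER = WINDOWS_BEFORE + [
    ("192.168.3.2/32", "192.168.4.1", "loopback"),   # route add ... for outside host
    ("172.16.1.2/32", "192.168.4.1", "loopback"),    # route add ... for DMZ host
]
OUTSIDE_BEFORE = [("192.168.3.0/24", "on-link", "eth1")]
OUTSIDE_AFTER = OUTSIDE_BEFORE + [("0.0.0.0/0", "192.168.3.1", "eth1")]

ASA_INSIDE = ("192.168.4.1", "loopback")   # next hop as seen from the Windows host
ASA_OUTSIDE = ("192.168.3.1", "eth1")      # next hop as seen from the outside host


def next_hop(table, dst):
    """Longest-prefix match: (gateway, interface), or None if no route covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), gw, ifc)
               for prefix, gw, ifc in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    _, gw, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return gw, ifc


def ping_path(src_table, dst_table, src_ip, dst_ip):
    """Return (request_reaches_asa, reply_reaches_asa) for inside -> outside ping."""
    request_ok = next_hop(src_table, dst_ip) == ASA_INSIDE
    reply_ok = next_hop(dst_table, src_ip) == ASA_OUTSIDE
    return request_ok, reply_ok


if __name__ == "__main__":
    for label, win, out in [("before", WINDOWS_BEFORE, OUTSIDE_BEFORE),
                            ("host routes only", WINDOWS_AFTER, OUTSIDE_BEFORE),
                            ("after", WINDOWS_AFTER, OUTSIDE_AFTER)]:
        print(label, ping_path(win, out, "192.168.4.2", "192.168.3.2"))
```

In this model the Windows host routes alone fix only the request direction; the reply still has no path until the outside host gets its default gateway.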