I'm having some trouble setting up a new firewall (I'm new to firewalls). I've got the unit up with configured IP addresses on inside and outside. I downloaded and installed the ASDM software. I can't seem to get it to pass traffic.
The unit is being used to secure one network from the rest of our company network.
Inside interface is 10.50.241.1/24
The PIX will be the gateway on this network.
Outside interface is 10.48.16.2/20
Gateway on the outside network is a Cisco 6500 MSFC 10.48.16.10 which connects to the rest of the company.
I have included a show run:
PIX Version 7.2(2)
enable password 8Ry2YjIyt7RRXU24 encrypted
name 10.48.0.0 GAC
name 10.48.16.0 Plant
ip address 10.48.16.2 255.255.240.0
ip address 10.50.241.1 255.255.255.0
no ip address
passwd 0aywtm/YUv1U3jNB encrypted
ftp mode passive
dns server-group DefaultDNS
same-security-traffic permit intra-interface
object-group protocol TCPUDP
access-list ping_acl extended permit icmp Plant 255.255.240.0 any
You are trying to ping your hosts on the inside from Plant and GAC (located on the outside). You will not be able to do this since you are USING PAT, hence hiding your inside network, so whenever you try to ping any host in 10.50.241.0 you will not reach it from the outside.
access-list outside_access_in extended permit icmp any any
So you can test pinging from any host on the inside to anything on the outside, but you won't be able to ping from the outside to the inside.
And one last observation:
telnet Plant 255.255.240.0 outside
telnet GAC 255.255.240.0 outside
You will not be able to telnet to the outside interface unless you use IPSec. This is because telnet will send everything in clear text, and doing this on the outside interface will be insane!!
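Added example, not part of the original thread: a small audit that reads a PIX 7.x style configuration and lists the `telnet` rules bound to the lowest-security interface, which is the case the reply above describes. The interface stanzas in the sample are constructed (the posted config does not show `nameif` or `security-level`), and the function names are hypothetical.

```python
import re

# Constructed sample in PIX 7.x "show run" style. The interface stanzas are
# assumed; the posted config does not include nameif/security-level lines.
SAMPLE_CONFIG = """\
name 10.48.0.0 GAC
name 10.48.16.0 Plant
interface Ethernet0
 nameif outside
 security-level 0
 ip address 10.48.16.2 255.255.240.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.50.241.1 255.255.255.0
telnet Plant 255.255.240.0 outside
telnet GAC 255.255.240.0 outside
telnet 10.50.241.0 255.255.255.0 inside
telnet timeout 5
"""

def interface_levels(config):
    """Map each nameif to its security-level by walking interface stanzas."""
    levels, nameif = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):   # any top-level line ends the stanza
            nameif = None
        m = re.match(r"\s+nameif\s+(\S+)", line)
        if m:
            nameif = m.group(1)
        m = re.match(r"\s+security-level\s+(\d+)", line)
        if m and nameif:
            levels[nameif] = int(m.group(1))
    return levels

def telnet_on_lowest(config):
    """Return (source, mask, interface) for telnet rules on the lowest-security interface."""
    levels = interface_levels(config)
    if not levels:
        return []
    lowest = min(levels, key=levels.get)
    rules = (line.split() for line in config.splitlines())
    # "telnet timeout 5" has only three tokens, so it is skipped here.
    return [tuple(p[1:]) for p in rules
            if len(p) == 4 and p[0] == "telnet" and p[3] == lowest]

if __name__ == "__main__":
    # Each hit is clear-text management access that only works through IPsec.
    print(*telnet_on_lowest(SAMPLE_CONFIG), sep="\n")
```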