Proxy/mail server - ASA

CSCO10320953
Level 1

Hi All,

I have a proxy server with two interfaces. One interface is connected to the LAN (192.168.*.*) and the other, 192.168.3.100, is connected to my firewall.

I have configured the ASA with inside IP 192.168.3.99 and outside IP 192.168.4.2. All LAN users use the proxy for the internet. From the ASA I can ping all interfaces, but I can't ping 192.168.3.99 from the proxy server, and the internet is also not working. What would be the problem?

Accepted Solution

From the firewall, are you able to ping the proxy at 3.99?

From the proxy, ping 4.2.2.2 and turn on:

logg on
logg mon 7
term mon
debug icmp trace

Send me the above outputs.


8 Replies

abinjola
Cisco Employee

internet-<-----ASAx.x.3.100--<-----x.x.3.99ProxyServer----

a) From the LAN, can you ping 192.168.3.100?

b) In the access-list applied on the outside interface, add the line: access-list line 1 permit icmp any any

c) Now ping 4.2.2.2 from the LAN, turn on "debug icmp trace", and check: do you see the ICMP packet reaching the firewall?

If possible, post your configuration here...

All LAN traffic comes through the proxy server. IPs: LAN 192.168.*.*. The LAN and the proxy server are in the same network.

The proxy's second IP, 192.168.3.100, is connected to the inside interface 192.168.3.99. The outside IP 192.168.4.2 is connected to the BSNL modem 192.168.4.1.

BMR1C# sh run
: Saved
:
ASA Version 7.0(6)
!
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.3.99 255.255.255.0
!
interface Ethernet0/0.1
 shutdown
 no vlan
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/0.2
 shutdown
 no vlan
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 nameif Outside
 security-level 0
 ip address 192.168.4.2 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 0
 ip address *.*.*.* 255.255.255.128
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu inside 1500
mtu Outside 1500
mtu management 1500
no asdm history enable
arp timeout 14400
route inside 192.168.0.0 255.255.255.0 192.168.3.100 1
route Outside 0.0.0.0 0.0.0.0 192.168.4.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:2143d98d4cd9274aabcf7c7d19e73c7d
: end
BMRC#

Take care of the following points:

a) You have an ASA 5505, correct? By default, port e0/0 is the outside interface and the rest, e0/1-e0/7, are part of VLAN 1, which is the inside interface. But you have made e0/0 the inside interface; please make sure it is assigned to VLAN 1 (inside) and that e0/2 is assigned to VLAN 2.

b) Remove the logical VLANs:

no interface Ethernet0/0.1
no interface Ethernet0/0.2

c) You never answered whether you are able to ping the inside interface from any inside LAN machine.

d) On the outside you have a private IP; who does the NATting, the outside modem or the ASA?

I would like you to add the following commands:

policy-map global_policy
 class inspection_default
  inspect icmp

logg mon 7
term mon
logg on

Now, once you have these commands in place, ping 4.2.2.2, collect the logs, and paste them here.

c. No

d. NAT: ASA I

BMRC# debug icmp trace
debug icmp trace enabled at level 1
BMRC# ping 4.2.2.2
ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
!ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
!ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
!ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
!ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
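The "debug icmp trace" output above can be checked mechanically rather than by eye. The following is an added example, not code from the thread or from Cisco: it parses trace lines in exactly the format pasted above, pairs each echo request with the reply flowing the other way (same ID and seq), and lists the requests that never got one. The sample trace is constructed; its last two lines are a hypothetical unanswered ping from the proxy (192.168.3.100), which is the symptom the thread is chasing.

```python
import re

# Echo lines as printed by "debug icmp trace" in the thread above. A leading "!"
# is the ping command's own success marker fused onto the next debug line, so
# it is accepted but ignored.
ICMP_RE = re.compile(
    r"^!?ICMP echo (?P<kind>request|reply) from (?P<src>[\d.]+) to (?P<dst>[\d.]+)"
    r" ID=(?P<id>\d+) seq=(?P<seq>\d+) len=(?P<len>\d+)$"
)

# Constructed sample: the first lines mirror the pasted trace; the last two are a
# hypothetical ping from the proxy that never receives a reply.
SAMPLE_TRACE = """\
debug icmp trace enabled at level 1
ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
!ICMP echo request from 192.168.4.2 to 4.2.2.2 ID=4388 seq=48384 len=72
!ICMP echo reply from 4.2.2.2 to 192.168.4.2 ID=4388 seq=48384 len=72
ICMP echo request from 192.168.3.100 to 4.2.2.2 ID=1 seq=1 len=72
ICMP echo request from 192.168.3.100 to 4.2.2.2 ID=1 seq=2 len=72
"""

def parse_trace(text):
    """Return one dict per ICMP echo line; prompts, banners and other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ICMP_RE.match(line.strip())
        if m:
            e = m.groupdict()
            for k in ("id", "seq", "len"):
                e[k] = int(e[k])
            events.append(e)
    return events

def unanswered(events):
    """Match each request with a reply in the opposite direction with the same ID/seq.

    In the pasted trace every echo of one ping carries the same seq (48384), so
    requests are counted per key instead of stored as a set. Returns the
    (src, dst, id, seq) keys that still have a request without a reply, in order."""
    pending = {}
    for e in events:
        if e["kind"] == "request":
            key = (e["src"], e["dst"], e["id"], e["seq"])
            pending[key] = pending.get(key, 0) + 1
        else:
            key = (e["dst"], e["src"], e["id"], e["seq"])
            if pending.get(key):
                pending[key] -= 1
    return [k for k, n in pending.items() if n > 0]

if __name__ == "__main__":
    for src, dst, icmp_id, seq in unanswered(parse_trace(SAMPLE_TRACE)):
        print(f"no reply: {src} -> {dst} id={icmp_id} seq={seq}")
```

A request that shows up here but has no matching reply points at the path between the ASA and the destination; a proxy ping that never appears at all means it did not reach the firewall's inside interface in the first place.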

Add:

nat (inside) 1 0 0
global (outside) 1 interface

I am not able to ping 192.168.3.99.

route Outside 0.0.0.0 0.0.0.0 192.168.4.1 1
route inside 192.168.0.0 255.255.255.0 192.168.3.99 1
access-list outacc extended permit icmp any any
access-group outacc in interface Outside
