I am running software version 7.2(1) on an ASA5540.
I have an inside interface configured on security level 100 and an outside interface configured with security level 0.
no nat-control has also been configured to permit traffic to flow through the device without the need for NAT configuration.
So in theory a client on the inside interface should be able to browse to a device on the outside interface without NAT; it should just simply route to the outside subnet. No additional ACL configuration should be required as the traffic is going from a high security level to a lower one.
This does not work. All TCP sessions time out with a SYN timeout.
Also, when trying to just carry out a simple ping to the device I am trying to connect to, I get request timeouts on the client. This is particularly interesting.
I have configured the inside interface to permit echo from the client source address as an inbound ACL. I have also configured echo-reply for the device on the outside / internet interface as an inbound ACL on the outside interface.
Even though I can see the ICMP connections being built and torn down in the Logging window, the client machine on the inside keeps getting request timeouts.
No packet filtering is working on the device. Has anyone encountered this or could perhaps explain to me why this is happening?
I have attached the configuration of the ASA - albeit with a lot of omissions.
I saw something that could cause this problem: in your configuration you specify a global (outside), and you don't specify any NAT (interface) command, so I think this will prevent any translation.