Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Setup problem with ASA5505

Hi,

I've been asked to setup an ASA5505 for the first time. I've not had any experience with the ASA's and can't seem to get it working.

Presently I can ping google (66.249.93.99) from the ASA (via hyperterminal) however I can't ping out from a host on the internal network (192.168.1.26).

I'm guessing that the NAT setup is wrong..? Can someone take a look at the attached config and point me in the right direction?

TIA,

H

8 REPLIES

Re: Setup problem with ASA5505

You NAT looks OK - but your dhcp does not have a DNS entry? How are you pinging google, by IP or name?

New Member

Re: Setup problem with ASA5505

By IP (66.249.93.99)

Re: Setup problem with ASA5505

can you ping the IP from the host on the inside - and on the asa post the output of "show xlate"

New Member

Re: Setup problem with ASA5505

Cheers Andrew.

I can't ping the IP from the inside - only from the ASA itself. Show xlate is below.....

0 in use, 1 most used

-H

Re: Setup problem with ASA5505

Sorry - I missed something critical, add the below and re-test:-

access-list acl-outside extended permit icmp any any echo-reply

access-list acl-outside extended permit icmp any any unreachable

access-list acl-outside extended permit icmp any any traceroute

access-list acl-outside extended permit icmp any any time-exceeded

access-group acl-outside in interface outside

New Member

Re: Setup problem with ASA5505

Thats great Andrew. I didn't realise you had to explicitly allow the traffic back in. All working.

Can I be cheeky and ask 1 more question..?

I need to setup port forwarding to a citrix server. Presumably I need to add port 1494 to "acl-outside" but I'm not sure what the static NAT command should be - can you help?

New Member

Re: Setup problem with ASA5505

Don't worry - I worked it out. thanks for your help!

Re: Setup problem with ASA5505

OK - glad to help.

347
Views
0
Helpful
8
Replies