ASA 5510: traffic between two 'inside' interfaces, while maintaining outside interface traffic
I have been beating my head against the wall trying to get this to work, and for the life of me, I cannot. Any help would be GREATLY appreciated!
I am using all four interfaces on the ASA 5510, and am trying to pass traffic between these two interfaces: "inside_sys" and "outside_sys". As it is right now, those two interfaces are incapable of talking to one another, yet I am able to get 'outside' and on to the Internet with all interfaces.
I'm trying to maintain my current setup, in that I want to have my VPN tunnels continue to work, as well as have all three interfaces be able to communicate with my 'outside' (gateway) network.
Could someone please please please take a look at my config (below) and let me know what's missing in order for 'outside_sys' and 'inside_sys' interfaces to be able to communicate with one another?
Thanks in advance for any and all assistance!!
ASA Version 8.4(3)
enable password ..... encrypted
passwd ..... encrypted
description inside-facing systems
ip address 192.168.111.1 255.255.255.0
description inside hosts
ip address 192.168.91.1 255.255.255.0
description frontier default gateway
ip address 22.214.171.124 255.255.255.0
description outside-facing systems
ip address 192.168.112.1 255.255.255.0
no ip address
banner motd Only authorized users are permitted to access this system.
banner motd By accessing and/or using this system you are consenting to system
banner motd monitoring for law enforcement and/or other purposes.
boot system disk0:/asa843-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns server-group DefaultDNS
object network obj-192.168.111.0
subnet 192.168.111.0 255.255.255.0
object network obj-192.168.81.0
subnet 192.168.81.0 255.255.255.240
object network obj-192.168.111.9
host 192.168.111.9
object network obj-192.168.91.0
subnet 192.168.91.0 255.255.255.0
object network obj-192.168.91.100
host 192.168.91.100
object network obj-192.168.112.14
host 192.168.112.14
object network obj-192.168.112.12
host 192.168.112.12
object network obj-192.168.112.13
host 192.168.112.13
object network obj-192.168.111.25
host 192.168.111.25
object network obj-192.168.112.0
subnet 192.168.112.0 255.255.255.0
access-list vpntunnel_splitTunnelAcl standard permit 192.168.112.0 255.255.255.0
access-list vpntunnel_splitTunnelAcl standard permit 192.168.111.0 255.255.255.0
access-list vpntunnel_splitTunnelAcl standard permit 192.168.91.0 255.255.255.0
access-list ACL_IN extended permit udp any host 192.168.112.12 eq domain
access-list ACL_IN extended permit udp any host 192.168.112.13 eq domain
access-list ACL_IN extended permit tcp any host 192.168.112.14 eq https
access-list ACL_IN extended permit tcp any host 192.168.112.14 eq www
access-list ACL_IN extended permit tcp any host 192.168.112.14 eq smtp
access-list ACL_IN extended permit tcp any host 192.168.112.14 eq 993
access-list ACL_IN extended permit tcp any host 192.168.91.100 eq 46979
access-list ACL_IN extended permit tcp any host 192.168.91.100 range 6881 6900
access-list ACL_IN extended permit tcp any host 192.168.91.100 eq 6667
access-list ACL_IN extended permit tcp any host 192.168.91.100 range 5008 5028
access-list ACL_IN extended permit tcp any host 192.168.91.100 eq 59
pager lines 24
logging asdm informational
mtu inside_sys 1500
mtu inside 1500
mtu outside 1500
mtu outside_sys 1500
ip local pool vpnpool 192.168.81.2-192.168.81.14 mask 255.255.255.240
inside_sys at security level 2 should by default be able to initiate traffic to outside_sys at security level 1. There are no access-groups or NAT rules applied that would change that. I assume you have only hosts on the same subnets as the respective interfaces for those two networks, so routing is not an issue.
When you initiate traffic from a host on inside_sys destined for a host on outside_sys, does your ASA log show any packets being denied?
Try packet tracer to see why the ASA might drop packets. e.g.:
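As an added illustration (not code from anyone in this thread), the Python below models the rule the answer relies on: with no access-group bound to the source interface, a new connection may be initiated from a higher security level to a lower one but not the reverse, and an inbound ACL, once applied, takes over with its implicit deny. It also scans a constructed excerpt of the posted config for ACLs that are defined but never applied, and builds the packet-tracer command form the answer refers to. Interface names and the levels 2 and 1 come from the thread; the levels assumed for inside and outside are labelled as assumptions in the code.

```python
import re
# Interface names are from the post; security levels 2 (inside_sys) and 1
# (outside_sys) are the ones the answer states. The levels for 'inside' (100)
# and 'outside' (0) are assumptions, not taken from the post.
SECURITY_LEVELS = {"inside_sys": 2, "outside_sys": 1, "inside": 100, "outside": 0}

# Constructed excerpt of the posted config: ACL_IN is defined, but no
# access-group line binds it to any interface.
CONFIG_EXCERPT = """
access-list ACL_IN extended permit udp any host 192.168.112.12 eq domain
access-list ACL_IN extended permit tcp any host 192.168.112.14 eq https
mtu inside_sys 1500
"""

def applied_acls(config):
    """Map each interface with an inbound access-group to its ACL name."""
    return {ifc: acl for acl, ifc in
            re.findall(r"^access-group (\S+) in interface (\S+)", config, re.M)}

def defined_acls(config):
    return set(re.findall(r"^access-list (\S+) ", config, re.M))

def can_initiate(src_if, dst_if, levels=SECURITY_LEVELS, applied=None,
                 same_security_inter=False):
    """Decide whether a new connection entering src_if may leave via dst_if.

    Returns (verdict, reason); verdict is None when an inbound ACL on src_if
    takes over (that ACL, with its implicit deny, then decides).
    """
    applied = applied or {}
    if src_if == dst_if:
        return False, "same interface: needs same-security-traffic permit intra-interface"
    if src_if in applied:
        return None, f"decided by inbound ACL {applied[src_if]} (implicit deny at end)"
    s, d = levels[src_if], levels[dst_if]
    if s > d:
        return True, f"level {s} -> {d}: higher to lower is allowed by default"
    if s == d:
        return same_security_inter, "equal levels: needs same-security-traffic permit inter-interface"
    return False, f"level {s} -> {d}: lower to higher needs an inbound access-group permitting it"

def packet_tracer(src_if, proto, src, sport, dst, dport):
    """Build the packet-tracer command that tests the same flow on the ASA."""
    return f"packet-tracer input {src_if} {proto} {src} {sport} {dst} {dport} detailed"

if __name__ == "__main__":
    acls = applied_acls(CONFIG_EXCERPT)
    print("ACLs defined but not applied:", defined_acls(CONFIG_EXCERPT) - set(acls.values()))
    print(can_initiate("inside_sys", "outside_sys", applied=acls))
    print(packet_tracer("inside_sys", "tcp", "192.168.111.9", 12345, "192.168.112.14", 80))
```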