Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASA 5510 Problems

Status
Not open for further replies.
alphaNumerics123

alphaNumerics123

IS-IT--Management
Joined
Jun 9, 2009
Messages
3
Location
US
Here is where I am, I am DEAD stuck. I can not get trafic of any kind to pass through the ASA 5510. I have tried what I beleive to be everything. Below I have posted my new configuration file. I need to know what is wrong with it and how to fix it. I have also cut the 2821 out of the equation so now the computer is connected directly to the asa 5510. Before this all came about I did have the Linksys and the 2821 communicating, I also have heard that you can put the asa 5510 in the middle in transparent mode (not routed) and keep the packet flow the way it was before. Any help is greatly appreciated.

Problem:
I am currently trying to configure NAT on my ASA 5510. I am having problems geting the two interfaces to comunicate with each other. I can ping my Linksys Router from the outside interface of the firewall, but I am unable to do this from the inside interface.

Setup:
I currently have a Linksys RV082 connected to two ISP's, connected on the LAN side of that is a Cisco ASA 5510 firewall, connected on the lan side of that is a Cisco 2821 router.

Linksys RV082
|
Cisco ASA 5510
|
Cisco 2821
|
Computer




NAT:
Original:
Interface: interior
Source Network: interior:any/0
Destination Network: any
Translated:
Interface: Exterior
Address: interface PAT

Static routes:
Linksys to Firewall:
Destination IP: 192.168.6.0
Subnet mask: 255.255.255.0
Default Gateway: 192.168.0.101
Hop count: 1
Interface: lan

Firewall to Linksys
Exterior 0.0.0.0 0.0.0.0 192.168.0.1 1


IP Addresses:
Inside firewall: 192.168.6.0
Outside firewall: 192.168.0.101
Linksys: 192.168.0.1
Cisco Router Outside: 192.168.6.101
Cisco Router Inside: 192.168.4.0


____________Cisco ASA 5510 Configuration_____________________________

ASA Version 7.0(8)
!
hostname Firewall
domain-name default.domain.invalid
enable password 6efABQ2cPmP7OKuA encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
nameif Interior
security-level 100
ip address 192.168.6.1 255.255.255.0
!
interface Ethernet0/1
nameif Exterior
security-level 0
ip address dhcp setroute
!
interface Ethernet0/2
shutdown
nameif 0
security-level 0
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
same-security-traffic permit inter-interface
access-list Exterior_access_in extended permit tcp interface Exterior interface Interior
access-list Exterior_access_in extended permit icmp interface Exterior interface Interior
access-list Exterior_access_in extended permit ip interface Exterior interface Interior
access-list Exterior_access_out extended permit tcp interface Interior interface Exterior
access-list Exterior_access_out extended permit icmp interface Interior interface Exterior
access-list Exterior_access_out extended permit ip interface Interior interface Exterior
access-list Interior_access_in extended permit tcp interface Interior interface Exterior
access-list Interior_access_in extended permit icmp interface Interior interface Exterior
access-list Interior_access_in extended permit ip interface Interior interface Exterior
access-list Interior_access_out extended permit tcp interface Exterior interface Interior
access-list Interior_access_out extended permit icmp interface Exterior interface Interior
access-list Interior_access_out extended permit ip interface Exterior interface Interior
access-list 0_access_in extended permit tcp any interface Exterior
pager lines 24
logging asdm informational
mtu management 1500
mtu Exterior 1500
mtu Interior 1500
mtu 0 1500
icmp permit any management
icmp permit any Exterior
icmp permit any Interior
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (Exterior) 100 interface
global (Interior) 101 192.168.6.2-192.168.6.10
nat (Interior) 100 0.0.0.0 0.0.0.0 dns
nat (Interior) 100 0.0.0.0 0.0.0.0 outside
access-group Exterior_access_in in interface Exterior per-user-override
access-group Exterior_access_out out interface Exterior
access-group Interior_access_in in interface Interior per-user-override
access-group Interior_access_out out interface Interior
access-group 0_access_in in interface 0
route Exterior 0.0.0.0 0.0.0.0 192.168.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp 0
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd address 192.168.6.2-192.168.6.10 Interior
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd auto_config Interior
dhcpd enable management
dhcpd enable Interior
Cryptochecksum:..
 
Sort by date Sort by votes
1) This should be in the ASA forum
2) You've got some goofy stuff going on in your config. Take this ACL for instance:
Code: 
access-list Exterior_access_in extended permit tcp interface Exterior interface Interior
access-list Exterior_access_in extended permit icmp interface Exterior interface Interior
access-list Exterior_access_in extended permit ip interface Exterior interface Interior
this is literally saying permit tcp, icmp, and ip from your External interface IP to your Internal interface IP. If you really want to have your firewall opened up completely (although what's the use of having one if you do) then either alter this ACL to be:
Code: 
access-list Exterior_access_in extended permit ip any any
or change the security level on your Exterior interface to be 100 (or change the security level on your Internal to be 0) and add the command same-security-traffic permit inter-interface. Remove all other ACL's.
3) Your NAT config is screwy too:
Code: 
global (Exterior) 100 interface
global (Interior) 101 192.168.6.2-192.168.6.10
nat (Interior) 100 0.0.0.0 0.0.0.0 dns
nat (Interior) 100 0.0.0.0 0.0.0.0 outside
Simplify it and just try these to get it to work:
Code: 
global (Exterior) 100 interface
nat (Interior) 100 0 0 0 0
4) Why are you NATing at both the ASA and the Linksys??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Also, let us know how you get along, please. Thanks.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

quazimotto
  • Locked
  • Question Question
Cisco ASA_5505 VPN to Juniper_SRX210 VPN IS UP_ No Traffic!!!!!!
Replies
0
Views
325
quazimotto
quazimotto
steel_bender
  • Locked
  • Question Question
Allow HTTPS TCP Traffic through ASA5525
Replies
1
Views
382
Mogles49
Mogles49
chazzmanbm
  • Locked
  • Question Question
Cisco ASA 9.2 SSH Configuration
Replies
1
Views
381
iggsterman
iggsterman
darktriad
  • Locked
  • Question Question
Cisco ASA 9.4: Configuring NAT
Replies
0
Views
369
darktriad
darktriad
lwhalo
  • Locked
  • Question Question
ASA 5520 Packet Capture Question
Replies
0
Views
265
lwhalo
lwhalo

Part and Inventory Search

Sponsor

Back
Top