TOPIC: cisco asa 5510 - unable to ping outside from inside

Re: cisco asa 5510 - unable to ping outside from inside 12 years 1 month ago #21241

  • Smurf
  • Moderator
Have you resolved the issue now, or are you still unable to connect through the ASA? If you are still having problems then it's best to post the config.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: cisco asa 5510 - unable to ping outside from inside 12 years 1 month ago #21242

  • sazzy
  • Topic Author
Still having issues ...

!
ASA Version 7.2(2)8
!
hostname *****
domain-name *******.**.**
enable password ************* encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 95
 ip address 10.0.1.2 255.255.0.0
 ospf cost 10
!
interface Ethernet0/1
 nameif outsideASA
 security-level 0
 ip address ***.***.2.1 255.255.255.0
 ospf cost 10
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Management0/0
 nameif management
 security-level 100
 ip address ***.***.***.*** 255.255.255.0
 ospf cost 10
 management-only
!
passwd *********** encrypted
boot system disk0:/asa722-8-k8.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
 domain-name *************.**.**
object-group service TCP_ALLOW tcp
 description lists all allowed tcp outgoings
 port-object eq www
 port-object eq domain
 port-object eq whois
 port-object eq ftp-data
 port-object eq ftp
 port-object eq 63
 port-object eq smtp
object-group service UDP_ALLOW udp
 description lists all allowed udp outgoings
 port-object eq ntp
 port-object eq domain
object-group network svr_access
 description allows these full access
 network-object host 10.0.0.10
 network-object host 10.0.1.10
access-list inside_outbound extended permit tcp object-group svr_access any object-group TCP_ALLOW
access-list inside_outbound extended permit udp object-group svr_access any object-group UDP_ALLOW
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outsideASA 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm521.bin
no asdm history enable
arp timeout 14400
global (outsideASA) 1 interface
access-group inside_outbound in interface inside
route outsideASA 0.0.0.0 0.0.0.0 ***.***.2.10 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http ***.***.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
ssh timeout 5
console timeout 0
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
compression http-comp
Cryptochecksum:eed0c90c28a68f8402db4cb23f3df53c
: end


thanks!

Re: cisco asa 5510 - unable to ping outside from inside 12 years 1 month ago #21244

  • sazzy
  • Topic Author
Not to worry. All fixed. Read another article about NAT and was missing one line ... whoops!
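
Added example, not part of the original posts: the posted config has `global (outsideASA) 1 interface` but no `nat` statement with ID 1, and a global pool with no `nat` of the same ID translates nothing. The post does not say which line was added, so the `nat (inside) 1 ...` fix below is an assumption, as are the function and variable names; the check covers the pre-8.3 `nat`/`global` syntax only.

```python
import re

# Constructed excerpt mirroring the NAT-related lines of the config posted above.
POSTED = """\
interface Ethernet0/0
 nameif inside
interface Ethernet0/1
 nameif outsideASA
global (outsideASA) 1 interface
access-group inside_outbound in interface inside
"""

# Assumed fix: the thread never shows the added line. The network is derived
# from the inside interface address in the post (10.0.1.2 255.255.0.0).
ASSUMED_FIX = POSTED + "nat (inside) 1 10.0.0.0 255.255.0.0\n"

# Matches pre-8.3 dynamic NAT statements: "<nat|global> (<nameif>) <id> ..."
RULE = re.compile(r"^(global|nat)\s+\((\S+?)\)\s+(\d+)\s+\S")


def audit_nat_pairing(config):
    """Return findings for NAT IDs that have only one half of a nat/global pair."""
    rules = {"nat": {}, "global": {}}  # kind -> {nat_id: [interface names]}
    names = set()                      # nameif values declared on interfaces
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("nameif "):
            names.add(line.split()[1])
        m = RULE.match(line)
        if m:
            kind, iface, nat_id = m.group(1), m.group(2), int(m.group(3))
            rules[kind].setdefault(nat_id, []).append(iface)

    findings = []
    for kind, other in (("global", "nat"), ("nat", "global")):
        for nat_id, ifaces in sorted(rules[kind].items()):
            if nat_id == 0:  # nat 0 is identity NAT / exemption: no global needed
                continue
            if nat_id not in rules[other]:
                findings.append(
                    f"{kind} ({ifaces[0]}) {nat_id} has no matching {other} {nat_id}")
            for iface in ifaces:
                if iface not in names:
                    findings.append(
                        f"{kind} {nat_id} references unknown interface {iface}")
    return findings
```
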

Re: cisco asa 5510 - unable to ping outside from inside 12 years 4 weeks ago #21246

  • Smurf
  • Moderator
lol, was just going to say that.

Sorry, I hadn't noticed that you had already posted your config in an earlier post.

Cheers

Wayne

Re: cisco asa 5510 - unable to ping outside from inside 12 years 4 weeks ago #21257

Can inside clients ping the outside interface? What is the sysmon error?
I would get no route to x.x.x.x. I had a similar issue with my clients, unable to ping the outside interface. I resolved it by changing the default gateway to my inside IP address.

Re: cisco asa 5510 - unable to ping outside from inside 12 years 4 weeks ago #21259

  • Smurf
  • Moderator
In the Pix firewall (ASA is built on the Pix code), you are unable to ping one of the firewall's interfaces if it's going through the firewall.

I.e. if you were on the inside network and pinged the inside interface, that would work because it's not going through the firewall. If, however, you were on the inside network and pinged the outside IP address, then it would fail.

This is a security mechanism for some reason?