Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: configuring ASA

configuring ASA 9 years 2 months ago #32461

Can anyone please help, i cannot get inside and dmz to communicate either way. below are the parameters.

ASA; inside

Router; Connection to ASA
Connection to LAN

please come up with configs, i have exhausted everything i know on this.

thank you

Re: configuring ASA 9 years 2 months ago #32462

Dont have a full config for you, but from memory you would need something like below.

Router would need a route to dmz. Something like:
ip route name TO_DMZ

On ASA something like.
interface Ethernet1
nameif inside
security-level 100
ip address
interface Ethernet2
nameif dmz
security-level 10
ip address

access-list DMZ_access extended permit ip any
access-group DMZ_access in interface DMZ

Re: configuring ASA 9 years 2 months ago #32466

Hi Kajiro,
thanks for your help.i have tried it but no luck. i have other configs with it, some of them may not be necessary but kinldy help look through it.

interface FastEthernet0/0
description Trunk Connection to Core Switch
ip address
duplex auto
speed auto
interface FastEthernet0/1
description Connection to ASA
ip address
duplex auto
speed auto
ip forward-protocol nd
ip route
ip route


interface GigabitEthernet0/0
nameif inside
security-level 100
ip address
interface GigabitEthernet0/1
nameif DMZ
security-level 50
ip address

ftp mode passive
access-list DMZ_access extended permit ip any
access-list inside-access extended permit ip any
pager lines 24
logging asdm informational
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
mtu management 1500
no failover
icmp permit any inside
icmp permit any echo inside
icmp permit any echo-reply inside
icmp permit any DMZ
icmp permit any echo DMZ
icmp permit any echo-reply DMZ
no asdm history enable
arp timeout 14400
static (inside,DMZ) netmask
static (DMZ,inside) netmask
access-group inside-access in interface inside
access-group DMZ_access in interface DMZ
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http management
no snmp-server location
no snmp-server contact
snmp-server community lur1956
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
: end
  • Page:
  • 1
Time to create page: 0.143 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup