Hot Downloads

Welcome, Guest
Username: Password: Remember me


PROBLEM CISCO ASA 5505 6 years 8 months ago #33476

  • mdgm02
  • mdgm02's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0

I have an ASA 5505 firewall, configured with "inside" and "outside" I have enabled nat rules and corresponding access list. Gateway of is other firewall.

The system is working well, but after approximately 4 hours or falls "inside" the network, ie, from any host do not see the firewall, and from "inside" the firewall console does not see any team, yet if I see any host that is beyond When I ping from console also answered me.

If I change network to another network interface ASA5505 start work until after a further 4 hours, I have to turn off and turn on the firewall.

The truth is taht no what is happening, and I need help urgently.

Configuration ASA:

ASA Version 7.2(4)
hostname CCFW01
domain-name nombre.domain
name HOST1 description SERVWEBFTP
name HOST2 description FLOTAS
interface Vlan1
nameif inside
security-level 100
ip address
interface Vlan2
nameif outside
security-level 0
ip address
interface Vlan4
nameif gestion
security-level 100
ip address
interface Ethernet0/0
switchport access vlan 4
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 4
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name nombre.domain
object-group icmp-type ICMPGRUPO
description icmpgrupo
icmp-object alternate-address
icmp-object conversion-error
icmp-object echo
icmp-object echo-reply
icmp-object information-reply
icmp-object information-request
icmp-object mask-reply
icmp-object mask-request
icmp-object mobile-redirect
icmp-object parameter-problem
icmp-object redirect
icmp-object router-advertisement
icmp-object router-solicitation
icmp-object source-quench
icmp-object time-exceeded
icmp-object timestamp-reply
icmp-object timestamp-request
icmp-object traceroute
icmp-object unreachable
object-group service TCP_1 tcp
port-object eq ftp
port-object eq ftp-data
port-object eq sqlnet
port-object eq www
port-object eq 445
port-object eq exec
port-object eq 137
port-object eq 150
port-object eq netbios-ssn
port-object eq sunrpc
port-object eq 3389
port-object eq ssh
port-object eq telnet
object-group service TCL_2 tcp
port-object eq 8050
port-object eq telnet
object-group service UDP_1 udp
port-object eq 389
port-object eq 445
port-object eq 139
port-object eq 150
port-object eq netbios-ns
port-object eq sunrpc
port-object eq 3389
access-list outside_access_in extended permit tcp any any object-group TCP_1
access-list outside_access_in extended permit tcp any any object-group TCL_2
access-list outside_access_in extended permit udp any any object-group UDP_1
access-list outside_access_in extended permit icmp any any object-group ICMPGRUPO
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu gestion 1500
ip verify reverse-path interface inside
ip verify reverse-path interface outside
no failover
monitor-interface inside
monitor-interface outside
monitor-interface gestion
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 HOST1
static (inside,outside) tcp interface ftp HOST1 ftp netmask
static (inside,outside) tcp interface www HOST1 www netmask
static (inside,outside) tcp interface 8050 HOST2 8050 netmask
static (inside,outside) tcp interface ftp-data HOST1 ftp-data netmask
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http inside
http gestion
http inside
http inside
snmp-server host inside community public version 2c
snmp-server location Sala ROOM
snmp-server contact contact vst
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps remote-access session-threshold-exceeded
telnet timeout 5
ssh timeout 5
console timeout 0
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
The administrator has disabled public write access.

Re: PROBLEM CISCO ASA 5505 6 years 8 months ago #33523

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
I'm not positive that I fully understand what the problem is, but for a starter, consider changing this command:

nat (inside) 1 HOST1

Because of the /32 subnet mask used, This NATs only HOST1 ( from the inside, no other hosts from inside would be NATed to the outside. Is this meant to be? I believe it should be some thing like this:

nat (inside) 1
Studying CCNP...

Ammar Muqaddas
Forum Moderator
The administrator has disabled public write access.

Re: PROBLEM CISCO ASA 5505 6 years 8 months ago #33531

  • mdgm02
  • mdgm02's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
I will give a thought and I'll try what you propose

The administrator has disabled public write access.
Time to create page: 0.087 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup