Cisco Firewall :: Unable To Ping Internet IPs From ASA5505 Firewall
Jan 9, 2013
Internet ISP -> Juniper SRX 210 Ge-0/0/0
Juniper fe0/0/2 -> Cisco ASA 5505
Cisco ASA 5505 - >Inernal LAN switch.
1. Internet is connected to Juniper Ge0/0/0 via /30 IP.
2. Juniper fe0/0/2 port is configured as inet port and configured the Internal public LAN pool provided by the ISP. And this port is directly connected to Cisco ASA 5505 E0/0. Its a /28 pool IP address. This interface is configured as outside and security level set to 0.
From Juniper SRX, am able to ping public Internet IPs (8.8.8.8).
Issue:
1. From ASA am unable to ping public ip configured on Juniper G0/0/0 port.(/30)
2. From ASA no other Public internet IP is pinging.
Troubleshooting Done so far.
1, Configured icmp inspection on ASA.
2. Used the packet tracer in ASA, it shows the packet is flowing outside without a drop.
3. Allowed all services in untrust zone in bound traffic in Juniper SRX.
4. Viewed the logs when I was trying the ping 8.8.8.8 in ASA. It says "Tear down ICMP connection for faddrr **** gaddr **
View 2 Replies
ADVERTISEMENT
Feb 24, 2011
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
View 2 Replies
View Related
Jul 14, 2011
I've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail. I have is that I can't ping the new firewall on it's inside interface, despite having "icmp permit any inside" in the running config. Secondly, the server I have on there ("Sar") can't connect out to the internet.I've included the ASA's running config incase anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no nat going on. Lastly (and possibly relevant), the firewall is actually going at the end of a vlan, which is different to the firewall's inside vlan number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.
View 32 Replies
View Related
Mar 13, 2011
Recently, I have bought an ASA 5505 firewall which I have tried to connect to my ADSL router (Modem).It is now more than a week that I am trying to get internet connection through the firewall but I still can't succeed. I have tried many advices I get from this community but I still don't know what is wrong with my ASA Firewall configuration. From inside I am able to ping the inside and outside interface with a great success. and from my laptop which is connected to the firewall, I am able to ping the both interfaces (inside and outside) but still I can't access the internet.
As I don't have a static IP address from my ISP, I have configured the outside interface to pick up the ip address dynamically. Most of the time, the outside interface get the 192.168.1.2 ip address. [code]
View 5 Replies
View Related
Dec 10, 2012
I've been struggling with gaining access to the inter through our Comcast business gateway. We have had Comcast configure the device fro true static IP subnetting. Turned of local DHCP on the device etc. Here is my config.
ASA Version 9.1(1)
!
hostname TOCN-EX-01A-C5505-GW
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
[code]....
View 9 Replies
View Related
Apr 5, 2013
I have setup 5505 ASA for Testing purposes. It has static route to layer 3 switch on outside interface that goes to the internet.
ciscoasa# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
[Code].....
View 20 Replies
View Related
Jun 11, 2012
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
View 7 Replies
View Related
Sep 4, 2012
I have Vlan 100 (inside) and Vlan 65 (Outside)I'm trying to configure RDP and ping traffic from Vlan 100 to Vlan 65 One way.If I connect 2 PCs on E0/0 and E0/1 they can happily ping the their own VLAN ip add 192.168.100.3 and 172.16.65.1I've copied my config,
ASA Version 8.4(4)1
!
names
!
object-group network A_Network
network-object 172.16.65.0 255.255.255.0
[code]....
View 9 Replies
View Related
Apr 18, 2012
We are going to impliment Spectrum (CA) in my network,i have ASA-5580-20 firewall now my spectrum server want to communicate with firewall,then only it will discover the firewall logs.Now the problem is my spectrum server is in MZ zone(10.10.10.45) security leval is 70 and my inside interface(10.20.20.101) security leval is 100.
I am unable to ping from spectrum server to firewall because of high security leval.How can i solve this problem,can i change my inside security leval to 69 then i think it will ping.
View 1 Replies
View Related
May 22, 2012
I have interited an ASA5505 problem. We're trying to manage the ASA remotely - we can connect to the device remotely via IPSec, we can ping other devices on the LAN network, but cannot ping the inside interface of the ASA - nor can we telnet/ssh/http to it. We can, however, connect to another router that's on the LAN and then SSH into the ASA's inside interface.
My IP via VPN: 10.133.20.8
The ASA interface we're trying to connect to via SSH or ASDM: 10.4.209.254
A router on the LAN we can connect to 10.4.209.250
We can ping other LAN devices such as 10.4.209.75, .90, .150 - so it's not a NAT/Route/Split Tunnel issue.I've attached the ASA config.
hostname ASA5505
enable password XXXXXXXXXXX encrypted
passwd XXXXXXXXXX encrypted
names
name 10.4.209.248 rpm_router
[code]....
View 2 Replies
View Related
Feb 26, 2013
I'm a CIsco ISR, Setting up my first ASA, which seems to be going well.I've setup an IPSEC VPN to a non Cisco device. And have connectivity between devices in each subnet.
-Subnet A - non Cisco - 10.10.13.0/24
-Subnet B - ASA 5505 - 192.168.2.0/24 (ASA is .254)
From Subnet A I can ping every device except the ASA on .254.
Edited Config attached, IP's changed for privacy, passwords removed.Let me know if I've removed too much of the config.
View 3 Replies
View Related
Sep 29, 2012
I just try to ping a internal Host but it want to go.
Laptop<===>ASA5505
Connected is the Laptop at Ethernet 0/2 Inside
My running-config is a clear config, only VLAN 1 has a IP and Ethernet 0/2 is up.
But If I try to ping to the Laptop I get the followed:
asa5505# ping 192.168.1.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.100, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
asa5505#
From the Laptop to the ASA5505 I can Ping successfully.
View 6 Replies
View Related
Aug 2, 2011
I have Cisco ASA 5505 installed and use as default gateway. I go to Internet through the ASA5505 Here is my Problem.I can not ping from ASA prompt(ASA#) to my Laptop connected to the ASA, but i can ping the ASA inside interface from laptop i can not use ASDM and the VPN Tunnel is not working between the sie
ASA# ping 10.10.10.12
???????????
100% lost
Laptop c
C:/ping 10.10.10.1
!!!!!!!!!!!!!!!!
Here is the Topology
INTERNET .<=========================>ASA<===============================> LAPTOP
I disabled window firewall on the Laptop , but no goof result.
View 3 Replies
View Related
Sep 13, 2012
I am trying to access and ping the inside interface of a ASA5505 from a remote network. From the remote network, I am able to access anything on the local network, but the ASA5505 inside interface.The 2 networks linked by a fiber link which have a transport network on another interface. From the remote network, I am able to ping the transport network interface IP, but I would like to be able to ping the inside interface IP. When I do a packet tracer, I get a deny from an implicit rule.How can I achieve that?
Here are the subnets involved and the ASA5505 config.
Remote network : 10.10.2.0/24
Local network : 10.10.1.0/24
Transport network : 10.10.99.0/24
[code]....
View 1 Replies
View Related
Sep 10, 2012
Running ASA 5505
ASA Version: asa844-1-k8.bin
ASDM: Cisco ASDM 6.2(1)
I updated my ASA with version asa844-1-k8.bin.
However, whenever I try and run the ASDM client, I get the following error:
"Your ASA image has a version number 8.4(4)1 which is not supported by ASDM 6.2(1)."
How do I get the latest version installed on my Mac desktop? I know that I can connect via the web interface and run the ASDM client, but the same error persists. I have the asdm-649-103.bin file, but cannot connect to the ASA to install (I don't recall ever setting up SSH).
View 5 Replies
View Related
Apr 17, 2013
I have an unusual issue, for which I can find nothing on the net similar.
Setup:
ASA5505 = > CISCO3524 => Windows 2012 server
ASA is internet edge with ACL / NAT implemented.
We are wanting to implement inbound NATs for this server - 3389. We have many other servers on the internal side of this ASA that we are NATing to. Creating NATs using the same outside IP to another server is fine, no issues. This other test server resides on the same VLAN as the windows 2012 server. All IPv6 is turned off on the W2012 server, and it can web-browse out via the ASA as well. No matter what I do, however I cannot get iinbound NAT, on ANY port to this server working. Internally from another server to this server on any port is fine, i.e. we can RDP to this server without issue, so we know this works - the firewall on this server is turned off too. This is our ONLY w2012 server on the internal side. When we run a wireshark on the server whilst testing the NAT there is no traffic, so its getting blocked somewhere.
The config of the ASA is fairly big to to santize it and remove all customer reference would take a while to make display of this secure difficult.
View 1 Replies
View Related
Mar 7, 2011
I have a client ASA5505 generating this level 3 log message:
3 Mar 08 2011
19:48:34
IKE Initiator unable to find policy: Intf outside, Src: 192.168.0.2, Dst: 192.168.1.3
All the site-to-site tunnels on this ASA are up, so I don't know the meaning and signifcance of this log message or how to address it.
View 6 Replies
View Related
Jul 19, 2007
I have an ASA5505 running ver 8.0(2). I have configured the ssh timeout, ssh host commands and did the crypt o key gen. I am unable to access the device from the host I am allowing. Is there like ca save all command required? I am trying to use the default pix and telnet password. Do those still work?
View 3 Replies
View Related
Dec 20, 2011
Ths only hapeens at one location. All the other locations are working the difference is this location goes through the firewall. If I bypass the firewall at this location it works.
View 1 Replies
View Related
Sep 9, 2011
I just tried to configure my ASA but unable to ping. My setup is as follows:
Cable Modem (DHCP from IPS)---> ASA (192.168.1.1)--->Belking Router (192.168.5.1)--->Switch (192.168.5.14)--->
ASA Version 8.2(3)
!
hostname WoodHomeASA-1
[Code].....
View 30 Replies
View Related
Mar 29, 2012
I have the following setup.
host PC (192.168.9.3) -----> gateway (192.168.9.2) ----- Pix E1 (192.168.9.1)/Pix E0 (81.x.x.250) ------ Internet
The 192.168.9.2 gateway is a 3560 switch connected to the PIX. I can ping out to the Internet via IP from the PIX, but not via the host PC (192.168.9.3) on the LAN. PIX and gateway configs below. Am I missing something that's preventing me pinging out to the Internet from the internal LAN?
PIX config
test-cal-pix01# sh run
: Saved
:
PIX Version 8.0(3)
!
hostname test-cal-pix01
enable password btf1YD.Vq7mE6vEA encrypted
[code]....
View 1 Replies
View Related
Oct 10, 2012
I'm able to build my tunnel but unable to RDP nor ICMP back to the internal network.
VPN Client IP: 192.168.200.200
INTERNAL IP: 172.17.130.200
my configuration is below:
HOME-ASAFW02(config)# wr t: Saved:ASA Version 8.4(4)!hostname HOME-ASAFW02domain-name hsd1.nj.comcast.netenable password ViPq56cvd3SGvB08 encryptedpasswd 8bcozHCAwCqA5BmN encryptednames!interface Ethernet0/0description OUTSIDE-Connectionswitchport access vlan 2switchport protected!interface Ethernet0/1description INSIDE-Connectionswitchport protectedspeed 100duplex full!interface Ethernet0/2description WiFi-LinkSYSswitchport access vlan 3switchport protected!interface Ethernet0/3shutdown!interface Ethernet0/4shutdown!interface Ethernet0/5shutdown!interface Ethernet0/6shutdown!interface Ethernet0/7shutdown!interface Vlan1description INTERNAL-Networknameif insidesecurity-level 100ip address 172.17.130.129 255.255.255.128!interface Vlan2description OUTSIDE-Link-to-ISPnameif
[code]....
View 12 Replies
View Related
Feb 26, 2013
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
View 9 Replies
View Related
Dec 1, 2012
I' d like to have some support for a very-basic PIX firewall configuration. I 'm dealing with PIX 515E. Inside hosts can ping inside interface , outside hosts outside interface and so on. Simply i cannot ping outside interface from inside hosts, Inside host-192.168.1.0
Outside - any host like google.com, or to check my isp link's dns ip. I have attached the pix configuration text file to test.
View 10 Replies
View Related
Aug 12, 2012
I configured a new Asa 5505 with Ios 8.44-1-k8.bin and when I installed the Asa the client's after about 1 hour were unable to ping or map drives to the Asa. I got the following error,%ASA-2-106007: Deny inbound UDP from XXXX to XXXX due to DNS Query. I added the command same-security-traffic permit intra-interface they were then able to ping the server and connect to the Internet, but still unable to map drives i could see the connections from the Pc's to the server in a show conn with was tcp port 445 with Saa? I reverted back to Ios 8.25 and everything works.
View 2 Replies
View Related
Mar 31, 2011
We have two ASA5510s, each with outside interfaces to the same two ISPs (different IP addresses within the same subnet, of course). Both ASAs allow ICMP on all (inside and outside) interfaces. One ASA's default route is to ISP-1 and the other is to ISP-2. We can ping the default gateways for both ISPs from only one ASA. From the other ASA, we can only ping the default gateway for the default route but not the other. The pings originate from an inside client, first configured with the default gateway for ASA-1, then for ASA-2. Why does this happen, how do I troubleshoot something like this and how do I fix it?
View 1 Replies
View Related
Nov 27, 2012
One of my client has BSNL leased line with LAN IP POOL we configured those on ASA 5510 nad Internet working fine but from cloud we are not getting any response for ping requiest please find running configuration below:
ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(1)
[Code]....
View 4 Replies
View Related
May 3, 2012
one of my SNMP server 10.242.103.42 sits in MZ zone,and ACE 4710 is connected to core switch,coreswitch is connected to firewall asa.
Now iam trying to ping from MZ zone SNMP server to loadbalancer ip 10.242.105.1,iam unable to ping my LB interface to discover SLB on my SNMP server.
View 1 Replies
View Related
Jul 26, 2011
I am unable to ping inside interface (Rin) to outside interface (Rout) of my Cisco ASA 5520 runing on ASA Version 8.4(1).
ASA Version 8.4(1)
!
hostname FW5520
[Code].....
View 10 Replies
View Related
Feb 17, 2012
I have 2 modules of FWSM in 6500 switch (failover). I need 5 context. When I use in routed mode (like in the picture) , I cannot ping the servers behind the firewall. (I have ping to FW context) In transparent mode, it is not happening.
View 1 Replies
View Related
Feb 3, 2012
When I tried to upgrading PIX525 6.3 to 7.0 , Not able to Ping the host from the PIX 525 Inside interface which is on the same subnet, Also from the host to Inside Interface , Tried with Directly connected laptop with Cross cable and using Straight cable via switch, But the results end with fail.
View 2 Replies
View Related
Mar 17, 2013
I have created a VPN connection for ASA 5512-X by using the wizards and nothing seems to be wrong on the wizards's config.I am able to connect to the network by using the VPN but unable to ping internal network.Below is my config for your reference:
Result of the command: "sh run"
: Saved
:
ASA Version 8.6(1)2
!
hostname FAA-ASA-1
enable password crzcsirI44h2BHoz encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code].....
View 6 Replies
View Related
May 11, 2010
Recently installed an ASA5505 for a client. They have Verizon DSL (7mb down, 384up package). So my config is Verizon (Westell) DSL modem connected to e0/0 (VLAN2) of ASA. From there I have e0/1 (VLAN1) connected to a 3COM 2250 Plus 50 port switch.
Since installing the ASA client has been complaining of a major slow down in Internet speed. Contacted ISP and they had me remove the firewall from the equation and hook modem directly to laptop. With this setup I get between 6-7mb download speeds. When I put the ASA back into the mix though, the speed drops significantly. The speed will varry but 90% of the time they do not even get 1mb download speeds.
The configuration is pretty straight forward, not doing a whole lot with the box other then using it for VPN (IPSEC).
View 20 Replies
View Related