From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Sat Oct 04 2008 - 12:44:12 ART
No, one cannot ping from inside to the outside interface. There are
several tests which one wants to perform by sitting inside, but one
cannot.
2008/10/4 Mark Anthony <mctony@ymail.com>
> I am using an ASA 5510 between my inside network and the internet router.
>
> I cannot ping my ASA outside interface and the internet router inside
> interface.
>
> Here is what I want to achieve:
>
> 1. I want my inside users to get to the internet using the proxy addr
> 2. I want my inside users to ping the outside int of the ASA.
> 3. I want remote users to access just 3 servers in my inside network; these
>    servers also have public addresses.
>
> Below is the config I have presently on the ASA.
>
> Can someone please help me by providing the configs that will make me
> achieve these tasks stated above.
>
> Thanks in advance
>
> ASA Version 7.0(6)
> !
> hostname ciscoasa
> enable password 8Ry2YjIyt7RRXU24 encrypted
> names
> dns-guard
> !
> interface Ethernet0/0
>  description <connection to the internet router>
>  nameif outside
>  security-level 0
>  ip address 194.203.x.x 255.255.255.0
> !
> interface Ethernet0/1
>  description <connection to internal networks>
>  nameif inside
>  security-level 100
>  ip address 194.203.x.x 255.255.255.0
> !
> interface Ethernet0/2
>  description <connection to servers>
>  shutdown
>  nameif DMZ
>  security-level 50
>  no ip address
> !
> interface Ethernet0/3
>  shutdown
>  no nameif
>  no security-level
>  no ip address
> !
> interface Management0/0
>  speed 100
>  duplex full
>  nameif management
>  security-level 0
>  ip address 192.168.1.1 255.255.255.0
> !
> passwd 2KFQnbNIdI.2KYOU encrypted
> ftp mode passive
> access-list 100 extended permit icmp any any echo-reply
> access-list 100 extended permit icmp any any time-exceeded
> access-list 100 extended permit icmp any any unreachable
> access-list 100 extended permit tcp any host 62.x.x.x eq www
> access-list 100 extended permit tcp any host 62.x.x.x eq www
> access-list 100 extended permit tcp any host 62.x.x.x eq smtp
> pager lines 24
> logging enable
> mtu outside 1500
> mtu inside 1500
> mtu DMZ 1500
> mtu management 1500
> no failover
> asdm image disk0:/asdm506.bin
> no asdm history enable
> arp timeout 14400
> global (outside) 1 62.x.x.x (proxy server public address)
> nat (inside) 1 0.0.0.0 0.0.0.0
> static (inside,outside) 62.173.x.x x.203.101.5 netmask 255.255.255.255
> static (inside,outside) 62.173.x.x x.203.101.250 netmask 255.255.255.255
> static (inside,outside) 62.173.x.x x.203.101.2 netmask 255.255.255.255
> access-group 100 in interface outside
> route outside 0.0.0.0 0.0.0.0 10.163.x.x 1 (isp)
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
> timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> no snmp-server location
> no snmp-server contact
> snmp-server enable traps snmp authentication linkup linkdown coldstart
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> Cryptochecksum:0d567cde88308477ab94bd171ee1479e
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
Muhammad Nasim
Network Engineer
Saudi Arabia
This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:19 ARST