Re: Can`t ping my ASA outside int from the inside

From: Mark Anthony (mctony@ymail.com)
Date: Sat Oct 04 2008 - 14:35:32 ART


I can now ping the internet router inside int from the inside user, through the
ASA.
Now, it's 1 host that can browse the internet; others cannot, including my
proxy server. What can I do? Someone please advise on what command to use.

I want all inside users to go through the proxy to browse, except for my 3 servers,
which have public IP addrs and which I already did a static NAT for on the ASA.
 
Thanks.

--- On Sat, 10/4/08, Mike Canfield <mike@mcanfield.com> wrote:

From: Mike Canfield <mike@mcanfield.com>
Subject: Re: Can`t ping my ASA outside int from the inside
To: "Mark Anthony" <mctony@ymail.com>
Cc: "ccie groupstudy" <ccielab@groupstudy.com>
Date: Saturday, October 4, 2008, 3:39 PM

You need to enable something called management-interface or something
like that. It's on CCO.

On Oct 4, 2008, at 10:27 AM, Mark Anthony wrote:

> I am using an ASA 5510 between my inside network and the internet router.
>
> I cannot ping my ASA outside interface and the internet router inside
> interface.
>
> Here is what I want to achieve:
>
> 1. I want my inside users to get to the internet using the proxy addr
>
> 2. I want my inside users to ping the outside int of the ASA.
>
> 3. I want remote users to access just 3 servers in my inside network; these
> servers also have public addresses.
>
> Below is the config I have presently on the ASA.
>
> Can someone please help me by providing the configs that will make me achieve
> these tasks stated above.
>
> Thanks in advance
>
> ASA Version 7.0(6)
> !
> hostname ciscoasa
> enable password 8Ry2YjIyt7RRXU24 encrypted
> names
> dns-guard
> !
> interface Ethernet0/0
> description <connection to the internet router>
> nameif outside
> security-level 0
> ip address 194.203.x.x 255.255.255.0
> !
> interface Ethernet0/1
> description <connection to internal networks>
> nameif inside
> security-level 100
> ip address 194.203.x.x 255.255.255.0
> !
> interface Ethernet0/2
> description <connection to servers>
> shutdown
> nameif DMZ
> security-level 50
> no ip address
> !
> interface Ethernet0/3
> shutdown
> no nameif
> no security-level
> no ip address
> !
> interface Management0/0
> speed 100
> duplex full
> nameif management
> security-level 0
> ip address 192.168.1.1 255.255.255.0
> !
> passwd 2KFQnbNIdI.2KYOU encrypted
> ftp mode passive
> access-list 100 extended permit icmp any any echo-reply
> access-list 100 extended permit icmp any any time-exceeded
> access-list 100 extended permit icmp any any unreachable
> access-list 100 extended permit tcp any host 62.x.x.x eq www
> access-list 100 extended permit tcp any host 62.x.x.x eq www
> access-list 100 extended permit tcp any host 62.x.x.x eq smtp
> pager lines 24
> logging enable
> mtu outside 1500
> mtu inside 1500
> mtu DMZ 1500
> mtu management 1500
> no failover
> asdm image disk0:/asdm506.bin
> no asdm history enable
> arp timeout 14400
> global (outside) 1 62.x.x.x (proxy server public address)
> nat (inside) 1 0.0.0.0 0.0.0.0
> static (inside,outside) 62.173.x.x x.203.101.5 netmask 255.255.255.255
> static (inside,outside) 62.173.x.x x.203.101.250 netmask 255.255.255.255
> static (inside,outside) 62.173.x.x x.203.101.2 netmask 255.255.255.255
> access-group 100 in interface outside
> route outside 0.0.0.0 0.0.0.0 10.163.x.x 1( isp )
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
> timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> no snmp-server location
> no snmp-server contact
> snmp-server enable traps snmp authentication linkup linkdown coldstart
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> Cryptochecksum:0d567cde88308477ab94bd171ee1479e
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
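
A check for the first goal in the thread (inside users browse only through the proxy), as an added example that is not part of the original posts: it reads the egress-relevant lines of an ASA config and reports which settings let inside hosts bypass the proxy. The documentation addresses, the proxy address 192.0.2.10 and the ACL name INSIDE_OUT are assumptions standing in for the redacted values.

```python
import ipaddress
import re

# Constructed sample: egress-relevant lines of the posted config. The redacted
# "x" octets are replaced with documentation addresses (assumed values).
POSTED = """\
global (outside) 1 198.51.100.10
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 198.51.100.5 192.0.2.5 netmask 255.255.255.255
static (inside,outside) 198.51.100.250 192.0.2.250 netmask 255.255.255.255
static (inside,outside) 198.51.100.2 192.0.2.2 netmask 255.255.255.255
access-group 100 in interface outside
"""

# Constructed variant: dynamic NAT limited to the proxy (assumed 192.0.2.10)
# and an ACL (hypothetical name INSIDE_OUT) bound inbound on the inside interface.
RESTRICTED = POSTED.replace(
    "nat (inside) 1 0.0.0.0 0.0.0.0",
    "nat (inside) 1 192.0.2.10 255.255.255.255",
) + "access-group INSIDE_OUT in interface inside\n"


def audit_egress(config, proxy, ifname="inside"):
    """Return findings about settings that let hosts behind ifname bypass proxy."""
    findings = []
    proxy_ip = ipaddress.ip_address(proxy)
    nat_re = re.compile(rf"^nat \({re.escape(ifname)}\) \d+ (\S+) (\S+)", re.M)
    for addr, mask in nat_re.findall(config):
        net = ipaddress.ip_network(f"{addr}/{mask}")
        if net.num_addresses > 1 or proxy_ip not in net:
            findings.append(f"nat ({ifname}) translates {net}, not only the proxy")
    acl_re = re.compile(rf"^access-group \S+ in interface {re.escape(ifname)}$", re.M)
    if not acl_re.search(config):
        findings.append(f"no ACL bound inbound on {ifname}: hosts can egress directly")
    return findings


def static_hosts(config, ifname="inside"):
    """Real addresses of hosts behind ifname with a one-to-one static translation."""
    pat = re.compile(rf"^static \({re.escape(ifname)},\w+\) \S+ (\S+) netmask 255\.255\.255\.255", re.M)
    return pat.findall(config)
```

The addresses returned by `static_hosts` are the hosts an inside ACL would need to exempt alongside the proxy.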




This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:19 ARST