topic Re: ASA 5520 Blocking all traffic in Network Security

ASA 5520 Blocking all traffic

marcelo_ca — Fri, 21 Feb 2020 14:37:11 GMT

Hi everyone! I'm a college student and new to Cisco firewalls. This is my first project using ASA5520 and I'm having some issues. The firewall part is pretty basic but I'm not being able to accomplish the task. On my OUTSIDE zone I have a network using OSPF, RIPv2, and Internet Tunnel, everything runs smoothly, all dynamic routes are working, ping, SSH access and so on. On my INSIDE network a have two servers, one FTP and one Webserver (Apache). After configuring my ASA, I can see that all dynamic routes are created successfully, and from ASA the command traceroute works to anywhere on my network INSIDE or OUTSIDE. Now comes the problem, I can't access my servers from OUT to IN and from my servers I can't reach anything at OUTSIDE zone, none of the commands work (ping, tracert from stations or routers). I'm attaching the configurations for all devices and my network topology as well. Any kind of help or suggestion will be very appreciated. Thank you!

Re: ASA 5520 Blocking all traffic

Flavio Miranda — Wed, 01 Nov 2017 17:57:42 GMT

Hi @marcelo_ca

Try this:

interface gi0/0
nameif OUTSIDE
security-level 0
ip add 172.16.1.2 255.255.255.252
ip nat OUTSIDE
no shut

interface gi0/3
nameif INSIDE
security-level 100
ipp add 172.16.0.81 255.255.255.240
ip nat INSIDE
no shut

-If I helped you somehow, please, rate it as useful.-

Re: ASA 5520 Blocking all traffic

marcelo_ca — Wed, 01 Nov 2017 18:59:23 GMT

Hi Flavio, thanks for replying.
It didn't work.
I did a test using the same configuration on the firewall but with only one PC as outside network, and it worked perfectly. Any other suggestion? I'll try to erase and do all the configuration again. Thank you.

Re: ASA 5520 Blocking all traffic

Flavio Miranda — Wed, 01 Nov 2017 20:03:45 GMT

Take a look in routing. I didn´t see it on your config.

You may need a default route point to your gateway for access coming from outside.

-If I helped you somehow, please, rate it as useful.-

Re: ASA 5520 Blocking all traffic

Marius Gunnerud — Wed, 01 Nov 2017 23:10:01 GMT

The firewall doesn't have a default route. You will either need to configure it manually or add the "default-information originate" command on R1 under the ospf 1 process.

Re: ASA 5520 Blocking all traffic

marcelo_ca — Thu, 02 Nov 2017 18:53:05 GMT

Hi, thank you very much for helping. It's working now, except for R2 network which is on the other side of the Tunnel0. From the Firewall I can traceroute to the Router and PC but I can't connect on my FTP Server from PC. Is any other way of setting a Tunnel, I guess that static route used for the Tunnel (ip route 0.0.0.0 0.0.0.0 204.225.107.182). Thank you.

Re: ASA 5520 Blocking all traffic

Marius Gunnerud — Sat, 04 Nov 2017 23:08:16 GMT

Is the tunnel up? can you ping the tunnel interface at the other end? Is R2 receiving a route over OSPF for 172.16.0.80/28?