https://community.cisco.com/t5/network-security/help-in-problem/m-p/1924595#M456907 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Seems your ASAs outside interface IP address is from private IP address range.</P><P></P><P>This needs to be public IP address range also as the hosts behind the ASA will use the interface IP address to connect to Internet and the current IP address isnt routable in Internet as its a private address.</P><P></P><P>You must either have 2 public IP address ranges.</P><UL><LI>One between ISP and your router</LI><LI>One between the Router and ASA</LI></UL><P></P><P>Or you would have to do NAT on the router before the traffic goes to public network.</P><P></P><P>I'm not sure if I understood the setup correctly</P><P></P><P>Also seems strange that your configuration includes "fixups" configurations lines. To my understanding those are only for series 6.x software and any ASA would already come with a minimum of series 7.x software.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 18 Apr 2012 15:52:36 GMT Jouni Forss 2012-04-18T15:52:36Z https://community.cisco.com/t5/network-security/help-in-problem/m-p/1924594#M456902 <P id="post_message_257137">hello for best fourms and all members<BR />i bought cisco asa 5540<BR />i have cisco router 2811 with static ip <BR />XX.xx.XX.x/30<BR />and make nat to conected to internet pat nat<BR />and have <BR />XX.xx.XX.x/29 for exchange server </P><P></P><P>lan ---- asa---router ---internet</P><P></P><P>i want to confiure asa behind router <BR />i mean leave all configure on cisco router <BR />when i make out side and inside lan all is ok<BR />but all pc conected on inside interface of asa 5540 cannot access to internet<BR />and also cannot ping from pc ip on interface outside i permet icmp in servise poilcy and incpection icmp<BR />but i mean no conection not ping only<BR />can any one help me in this</P><P></P><P></P><P>i configured cisco asa 5540 </P><P>and i can ping 4.4.4.4</P><P>and replay me</P><P>but i cannot access to internet from pc conected to lan</P><P>and i can ping interface router conected by asa ip 192.168.193.2 but i cannot ping interfce asa 192.168.193.3</P><P>this my configuration</P><P>-----</P><P>config t</P><P>interfce g0/0 </P><P>nameif outside</P><P>ip address 192.168.193.3 255.255.255.0</P><P>no sh</P><P>interface g0/1</P><P>nameif inside</P><P>ip add 192.168.191.1 255.255.255.0</P><P>no sh</P><P>--</P><P>nat</P><P>nat (inside) 1 192.168.191.1 255.255.255.0</P><P>global (outside) 1 interface</P><P>no nat-control</P><P>hostname Global-Firewall </P><P>domain-name GlobalInvestment </P><P>fixup protocol dns maximum-length 512 fixup protocol ftp 21 </P><P>fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 </P><P>fixup protocol rsh 514 </P><P>fixup protocol rtsp 554 </P><P>fixup protocol sip 5060 </P><P>fixup protocol sip udp 5060 </P><P>fixup protocol skinny 2000 </P><P>fixup protocol smtp 25 </P><P>exit</P><P>http server enable</P><P>username cisco password cisco privliged 15</P><P>http 0.0.0.0 0.0.0.0 inside</P><P>route outside 0.0.0.0 0.0.0.0 192.168.193.2</P><P></P><P>link digram by paket tracer</P><P></P><P><A href="http://www.mediafire.com/?4xo3z2goszogcf1" target="_blank">http://www.mediafire.com/?4xo3z2goszogcf1</A></P><P></P><P>king regards<SPAN id="mce_marker"> </SPAN>config t<BR />interfce g0/0 <BR />nameif outside<BR />ip address 192.168.193.3 255.255.255.0<BR />no sh<BR />interface g0/1<BR />nameif inside<BR />ip add 192.168.191.1 255.255.255.0<BR />no sh<BR />--<BR />nat<BR />nat (inside) 1 192.168.191.1 255.255.255.0<BR />global (outside) 1 interface<BR />no nat-control<BR />hostname Global-Firewall <BR />domain-name GlobalInvestment <BR />fixup protocol dns maximum-length 512 fixup protocol ftp 21 <BR />fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 <BR />fixup protocol rsh 514 <BR />fixup protocol rtsp 554 <BR />fixup protocol sip 5060 <BR />fixup protocol sip udp 5060 <BR />fixup protocol skinny 2000 <BR />fixup protocol smtp 25 <BR />exit<BR />http server enable<BR />username cisco password cisco privliged 15<BR />http 0.0.0.0 0.0.0.0 inside<BR />route outside 0.0.0.0 0.0.0.0 192.168.193.2</P><P></P><P>link digram by paket tracer</P><P></P><P><A href="http://www.mediafire.com/?4xo3z2goszogcf1" target="_blank"><SPAN style="color: #497790;">http://www.mediafire.com/?4xo3z2goszogcf1</SPAN></A><BR />king regards</P> Mon, 11 Mar 2019 22:55:24 GMT https://community.cisco.com/t5/network-security/help-in-problem/m-p/1924594#M456902 CSCO11825412 2019-03-11T22:55:24Z https://community.cisco.com/t5/network-security/help-in-problem/m-p/1924595#M456907 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Seems your ASAs outside interface IP address is from private IP address range.</P><P></P><P>This needs to be public IP address range also as the hosts behind the ASA will use the interface IP address to connect to Internet and the current IP address isnt routable in Internet as its a private address.</P><P></P><P>You must either have 2 public IP address ranges.</P><UL><LI>One between ISP and your router</LI><LI>One between the Router and ASA</LI></UL><P></P><P>Or you would have to do NAT on the router before the traffic goes to public network.</P><P></P><P>I'm not sure if I understood the setup correctly</P><P></P><P>Also seems strange that your configuration includes "fixups" configurations lines. To my understanding those are only for series 6.x software and any ASA would already come with a minimum of series 7.x software.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 18 Apr 2012 15:52:36 GMT https://community.cisco.com/t5/network-security/help-in-problem/m-p/1924595#M456907 Jouni Forss 2012-04-18T15:52:36Z https://community.cisco.com/t5/network-security/help-in-problem/m-p/1924596#M456912 <HTML><HEAD></HEAD><BODY><P> thanks for replay me</P><P>i have puplic ip on router</P><P>and before install asa all lan work to internet no problems with it</P><P>and rouer&nbsp; have nating </P><P>and ip nat inside is 192.168.193.0/24</P><P>ip puplic is 84.253.40.0/30</P><P>84.253.41.0/29 for exchange server and allow port 25</P><P>i put asa after router and inteface outside i put it 192.168.193.3/24 ---------192.168.193.2/24 for router</P><P>and inside i change subnet to 192.168.191.1/24 </P><P>and i try to conect to internet but no ping no browese no internet</P><P>i try to but nating in configration but i think configration missed access-list or something wrong</P><P>wait for help</P><P>best regards</P></BODY></HTML> Wed, 18 Apr 2012 16:10:48 GMT https://community.cisco.com/t5/network-security/help-in-problem/m-p/1924596#M456912 CSCO11825412 2012-04-18T16:10:48Z https://community.cisco.com/t5/network-security/help-in-problem/m-p/1924597#M456914 <HTML><HEAD></HEAD><BODY><P>Hi Mohammad,</P><P></P><P>This is not the complete configration, can you provide the output of "show running-config" from the ASA??</P><P></P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Wed, 18 Apr 2012 18:12:05 GMT https://community.cisco.com/t5/network-security/help-in-problem/m-p/1924597#M456914 varrao 2012-04-18T18:12:05Z https://community.cisco.com/t5/network-security/help-in-problem/m-p/1924598#M456916 <HTML><HEAD></HEAD><BODY><P>can you please give me runing config for my senaro</P><P>full configration</P><P>lan--- asa ---- router----internet</P><P>i just wana lan access to internet</P><P>and send and recive exchange mail server</P><P>i want fully runing -confige for this lab</P><P>can any one help me </P><P>best regards</P></BODY></HTML> Wed, 18 Apr 2012 18:27:21 GMT https://community.cisco.com/t5/network-security/help-in-problem/m-p/1924598#M456916 CSCO11825412 2012-04-18T18:27:21Z