simple ?? interface problem

dufour001 — Mon, 11 Mar 2019 21:07:59 GMT

Hello, I'm currently configuring an ASA5510.

I connected a laptop (IP 192.168.96.18/255.255.255.0) to port 0/2 and tried to ping 192.168.100.2 ... impossible to ping outside interface ...

I resetted the config of the ASA to retest more simple.

Here my config.

What is missing ?

Thx

ASA Version 7.0(8)

hostname ciscoasa

names

dns-guard

interface Ethernet0/0

shutdown

no nameif

no security-level

no ip address

interface Ethernet0/1

nameif OUTSIDE

security-level 100

ip address 192.168.100.2 255.255.255.0

interface Ethernet0/2

nameif INSIDE

security-level 100

ip address 192.168.96.17 255.255.255.0

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

ftp mode passive

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list OUTSIDE_access_in extended permit ip any any

access-list OUTSIDE_access_in extended permit icmp any any

access-list INSIDE_access_out extended permit ip any any

access-list INSIDE_access_out extended permit icmp any any

access-list OUTSIDE_access_out extended permit ip any any

access-list OUTSIDE_access_out extended permit icmp any any

access-list INSIDE_access_in extended permit ip any any

access-list INSIDE_access_in extended permit icmp any any

pager lines 24

logging asdm informational

mtu management 1500

mtu OUTSIDE 1500

mtu INSIDE 1500

no asdm history enable

arp timeout 14400

access-group OUTSIDE_access_in in interface OUTSIDE

access-group OUTSIDE_access_out out interface OUTSIDE

access-group INSIDE_access_in in interface INSIDE

access-group INSIDE_access_out out interface INSIDE

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 192.168.1.0 255.255.255.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd lease 3600

dhcpd ping_timeout 50

dhcpd enable management

class-map inspection_default

match default-inspection-traffic

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

service-policy global_policy global

: end

simple ?? interface problem

varrao — Fri, 05 Aug 2011 14:35:07 GMT

Hi,

this is the default behavior of ASA, you would never be able to ping a remote interface on the ASA, you can only ping interface inside friom the ASA. This is a security feature which restricts it on the ASA. Remote interfaces do not ping and cannot be used for management access, only the interface which is connected to the host.

Hope this helps.

Thanks,

Varun

topic simple ?? interface problem in Network Security

simple ?? interface problem

simple ?? interface problem