https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703206#M535741 <HTML><HEAD></HEAD><BODY><P>route are</P><P></P><P>ASA#&nbsp; route outside 0.0.0.0 0.0.0.0 192.168.100.1 1</P><P></P><P>Server# IP=10.34.249.35&nbsp;&nbsp;&nbsp;&nbsp; DG gateway is: 192.168.5.1</P><P></P><P>juniper int 10.34.249.0 is directly connted to ASA e2 interface</P></BODY></HTML> Tue, 19 Jul 2011 07:10:15 GMT pawanharlecisco 2011-07-19T07:10:15Z https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703199#M535719 <P>hi,</P><P>&nbsp;&nbsp;&nbsp; Please go thorugh my daigram.&nbsp; ip want to assign 10.34.249.34,10.34.249.35,10.34.249.36 ip address directly to servers and this server would be accesable from 20.20.20.20 HQ router.</P><P>and if server want to go to internet then it would use 192.168.100.1 bsnl access internet.</P><P></P><P>Please help me , i have not yet configured.</P><P></P><P>Please help me..</P><P></P><P>Regards</P><P>Pawan</P> Mon, 11 Mar 2019 21:00:10 GMT https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703199#M535719 pawanharlecisco 2019-03-11T21:00:10Z https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703200#M535722 <HTML><HEAD></HEAD><BODY><P>Hi Pawan,</P><P></P><P>No issues with that, you would need the following config, let say e0/2 interface is named "juniper", then: </P><P></P><P>lets say you want to access the servers from there real ip only:</P><P></P><P>static (inside,juniper) 10.34.249.34 10.34.249.34</P><P>static (inside,juniper) 10.34.249.35 10.34.249.35</P><P></P><P>static (inside,juniper) 10.34.249.36 10.34.249.36</P><P></P><P></P><P>and for internet access:</P><P>nat (inside) 1 10.34.249.0 255.255.255.0</P><P>global (bsnl) 1 interface</P><P></P><P>thats it,</P><P></P><P>-Varun</P></BODY></HTML> Tue, 19 Jul 2011 02:18:42 GMT https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703200#M535722 varrao 2011-07-19T02:18:42Z https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703201#M535727 <HTML><HEAD></HEAD><BODY><P>Thnx sir.</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; please tell me, what will the gateway of server.</P></BODY></HTML> Tue, 19 Jul 2011 04:44:19 GMT https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703201#M535727 pawanharlecisco 2011-07-19T04:44:19Z https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703202#M535732 <HTML><HEAD></HEAD><BODY><P>The gateway for the server would be the ASA inisde interface or if the switch is an L3 switch, it would be the switch interface.</P><P></P><P>Hope this helps</P><P></P><P>Thanks,</P><P>-Varun</P></BODY></HTML> Tue, 19 Jul 2011 04:55:47 GMT https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703202#M535732 varrao 2011-07-19T04:55:47Z https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703203#M535736 <HTML><HEAD></HEAD><BODY><P>Sir,</P><P>it is not working..</P><P>Server to juniper and juniper to server:shows request time out.</P><P>server to bsnl modem: show request time out.</P><P></P><P>please find the config below, and suggest me.</P><P></P><P>Thanks</P><P>pawan</P><P></P><P>!</P><P>interface Ethernet0</P><P> nameif outside</P><P> security-level 0</P><P> ip address 192.168.100.200 255.255.255.0</P><P>!</P><P>interface Ethernet1</P><P> nameif inside</P><P> security-level 100</P><P> ip address 192.168.5.1 255.255.255.0</P><P>!</P><P>interface Ethernet2</P><P> nameif juniper</P><P> security-level 0</P><P> ip address 10.34.249.50 255.255.255.0</P><P>!</P><P>interface Ethernet3</P><P> shutdown</P><P> no nameif</P><P> no security-level</P><P> no ip address</P><P>!</P><P>interface Ethernet4</P><P> shutdown</P><P> no nameif</P><P> no security-level</P><P> no ip address</P><P>!</P><P>passwd 2KFQnbNIdI.2KYOU encrypted</P><P>ftp mode passive</P><P>access-list outside-in extended permit icmp any any</P><P>access-list outside-in extended permit ip any any</P><P>access-list 101 extended permit ip any host 10.34.249.35</P><P>pager lines 24</P><P>mtu outside 1500</P><P>mtu juniper 1500</P><P>mtu inside 1500</P><P>icmp unreachable rate-limit 1 burst-size 1</P><P>no asdm history enable</P><P>arp timeout 14400</P><P>global (outside) 1 interface</P><P>nat (inside) 1 10.34.249.0 255.255.255.0</P><P>static (inside,juniper) 10.34.249.35 10.34.249.35 netmask 255.255.255.255</P><P>static (inside,juniper) 10.34.249.36 10.34.249.36 netmask 255.255.255.255</P><P>access-group outside-in in interface outside</P><P>access-group 101 in interface juniper</P><P>route outside 0.0.0.0 0.0.0.0 192.168.100.1 1</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</P><P>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</P><P>timeout uauth 0:05:00 absolute</P><P>dynamic-access-policy-record DfltAccessPolicy</P><P>no snmp-server location</P><P>no snmp-server contact</P><P>snmp-server enable traps snmp authentication linkup linkdown coldstart</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>console timeout 0</P><P>threat-detection basic-threat</P><P>threat-detection statistics access-list</P><P>!</P><P>!</P><P>prompt hostname context</P><P>Cryptochecksum:00000000000000000000000000000000</P><P>: end</P></BODY></HTML> Tue, 19 Jul 2011 05:58:37 GMT https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703203#M535736 pawanharlecisco 2011-07-19T05:58:37Z https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703204#M535737 <HTML><HEAD></HEAD><BODY><P>Take captures for both the traffics:</P><P></P><P>access-list cap permit ip host 10.34.249.35 host 192.168.100.1</P><P>access-list cap permit ip host 192.168.100.1 host 10.34.249.35 </P><P>access-list cap permit ip host 192.168.100.1 host 192.168.100.200</P><P>access-list cap permit ip host 192.168.100.200 host 192.168.100.1</P><P></P><P>cap capo access-list cap interface outside</P><P>cap capin access-list cap interface inside</P><P></P><P>for server to inside:</P><P></P><P>add the following:</P><P>global (juniper) 1 interface</P><P>access-list 101 extended permit icmp any any</P><P></P><P></P><P>access-list cap1 permit ip host 10.34.249.35 host 20.20.20.20</P><P>access-list cap1 permit ip host 20.20.20.20 host 10.34.249.35 </P><P>access-list cap1 permit ip host 10.34.249.50 host 20.20.20.20</P><P>access-list cap1 permit ip host 20.20.20.20 host 10.34.249.50</P><P></P><P>cap capjun access-list cap1 interface juniper</P><P>cap capi access-list cap1 interface inside</P><P></P><P></P><P>After doing this config, initiate pings and then collect these captures.</P><P></P><P>Check the logs on the ASA, why it is denying traffic.</P><P></P><P><A class="jive-link-external-small" href="https://community.cisco.com/docs/DOC-17345">https://supportforums.cisco.com/docs/DOC-17345#comment-8416</A></P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Tue, 19 Jul 2011 06:34:33 GMT https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703204#M535737 varrao 2011-07-19T06:34:33Z https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703205#M535739 <HTML><HEAD></HEAD><BODY><P>ASA# sh capture</P><P>capture cap type raw-data [Capturing - 0 bytes]</P><P>capture capo type raw-data access-list cap interface outside [Capturing - 0 bytes]</P><P>capture capin type raw-data access-list cap interface inside [Capturing - 0 bytes]</P><P>capture capjun type raw-data access-list cap1 interface juniper [Capturing - 0 bytes]</P><P>capture capi type raw-data access-list cap1 interface inside [Capturing - 0 bytes]</P></BODY></HTML> Tue, 19 Jul 2011 07:01:48 GMT https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703205#M535739 pawanharlecisco 2011-07-19T07:01:48Z https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703206#M535741 <HTML><HEAD></HEAD><BODY><P>route are</P><P></P><P>ASA#&nbsp; route outside 0.0.0.0 0.0.0.0 192.168.100.1 1</P><P></P><P>Server# IP=10.34.249.35&nbsp;&nbsp;&nbsp;&nbsp; DG gateway is: 192.168.5.1</P><P></P><P>juniper int 10.34.249.0 is directly connted to ASA e2 interface</P></BODY></HTML> Tue, 19 Jul 2011 07:10:15 GMT https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703206#M535741 pawanharlecisco 2011-07-19T07:10:15Z https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703207#M535742 <HTML><HEAD></HEAD><BODY><P>Sir please help me.</P></BODY></HTML> Tue, 19 Jul 2011 09:01:48 GMT https://community.cisco.com/t5/network-security/help-in-asa-configuration/m-p/1703207#M535742 pawanharlecisco 2011-07-19T09:01:48Z