I am running an ASA 5505, V8.2.5 with security plus license.
I have added an additional vlan (Vlan100) to the ASA and need it to be identical in nature to vlan 1. For some reason, from PCs that are connected to vlan 1, I can't ping the gateway on vlan 100. PCs that are on vlan 1 can ping interface vlan gateway 192.168.0.171 and other PCs on vlan 1.
Can someone take a look at my config and tell me what I need to add for the following to occur:
- vlan100 to get natted just like vlan 1 out to the internet.
- ping from vlan1 to vlan100, vice versa
- allow access from outside to access servers test 4 and test 5, http and www.
I bolded what I added.
ASA Version 8.2(5)
!
hostname ASA
names
name 192.168.0.244 barr
name 192.168.0.85 ewa
name 192.168.0.129 test1
name 192.168.0.127 test6
name 192.168.0.139 test2
name 192.168.0.144 test3
name 192.168.100.10 test4
name 192.168.100.11 test5
!
interface Ethernet0/0
 switchport access vlan 2
 speed 100
 duplex full
!
interface Ethernet0/1
 description trunk to hp switch
 switchport trunk allowed vlan 1,100
 switchport mode trunk
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.171 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address **Outside IP** 255.255.255.252
!
interface Vlan3
 shutdown
 nameif dmz
 security-level 50
 no ip address
!
interface Vlan100
 nameif voice-network
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
 domain-name test.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_2 tcp
 port-object eq imap4
 port-object eq pop3
 port-object eq smtp
access-list inside_nat0_outbound extended permit ip any 192.168.0.128 255.255.255.128
access-list vpn_splitTunnelAcl_2 standard permit 192.168.0.0 255.255.255.0
access-list outside_access_in extended permit tcp any any object-group DM_INLINE_TCP_2
access-list outside_access_in extended permit tcp any any eq ftp
access-list outside_access_in extended permit udp any any eq domain
access-list outside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
access-list capout extended permit tcp any interface outside eq smtp
access-list capout extended permit tcp interface outside eq smtp any
access-list capin extended permit tcp any host Barracuda eq smtp
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
logging ftp-server 192.168.0.46 / syslog *****
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination inside 192.168.0.5 2055
flow-export template timeout-rate 1
flow-export delay flow-create 15
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu voice-network 1500
ip local pool pool1 192.168.0.172-192.168.0.197 mask 255.255.255.0
ip local pool pool2 192.168.0.218-192.168.0.219 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.0.0 255.255.255.0
static (inside,outside) tcp interface domain 192.168.0.5 domain netmask 255.255.255.255
static (inside,outside) tcp interface smtp barr smtp netmask 255.255.255.255
static (inside,outside) udp interface domain 192.168.0.5 domain netmask 255.255.255.255
static (inside,outside) tcp interface ftp test2 ftp netmask 255.255.255.255
static (inside,outside) tcp interface www test3 www netmask 255.255.255.255
static (inside,outside) tcp interface https test3 https netmask 255.255.255.255
static (inside,outside) tcp interface imap4 test3 imap4 netmask 255.255.255.255
static (inside,outside) tcp interface pop3 test3 pop3 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 **Outside Router** 1
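An added example, not part of the original post: a small Python check that reads ASA 8.2-style configuration text and lists the named, non-shutdown interfaces that have no `nat (name)` rule whose NAT ID matches a `global` pool on the outside interface. The sample input is constructed from lines of the configuration above; the function names are hypothetical.

```python
import re

# Constructed sample: a subset of lines taken from the posted running-config.
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Vlan3
 shutdown
 nameif dmz
 security-level 50
interface Vlan100
 nameif voice-network
 security-level 100
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.0.0 255.255.255.0
"""

def nat_coverage(config):
    """Map each active nameif to the set of NAT IDs used on its nat (...) lines.
    Assumes 'shutdown' precedes 'nameif' inside an interface block, as in the sample."""
    coverage, shut = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            shut = False                      # new interface block starts
        elif line == "shutdown":
            shut = True
        elif line.startswith("nameif ") and not shut:
            coverage[line.split()[1]] = set()
        m = re.match(r"nat \(([^)]+)\) (\d+) ", line)
        if m and m.group(1) in coverage:
            coverage[m.group(1)].add(int(m.group(2)))
    return coverage

def missing_dynamic_nat(config, egress="outside"):
    """Active interfaces (other than egress) with no nat ID tied to a global pool on egress."""
    pattern = r"^global \(%s\) (\d+) " % re.escape(egress)
    pools = {int(i) for i in re.findall(pattern, config, re.M)}
    return sorted(name for name, ids in nat_coverage(config).items()
                  if name != egress and not (ids & pools))

if __name__ == "__main__":
    print(missing_dynamic_nat(SAMPLE))
```
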