
Cisco ASA5520 Basic configuration

haidar_alm
Level 1

Hello,



This is my 1st time trying to configure an ASA.



I'm trying to establish a very basic connection (ping) between 2 laptops, one sat on the outside interface, and one on the inside as per the diagram below:

[Diagram: Capture.JPG]

I can ping back and forth from the ASA to 192.168.1.4, and to 10.1.1.1. However, what I'm trying to achieve is to be able to ping from 10.1.1.1 to 192.168.1.4 and vice versa.


I have attached the configuration file with this post as well.


I suspect it's something simple and silly that I did. Can you please help?


Many thanks,


varrao
Level 10

Hi Haider,

You might just need to add this:

static (inside,outside) 192.168.1.4 192.168.1.4

Make sure you also put a default route on the 192.168.1.4 machine with the ASA inside interface as the gateway.

Thanks,
Varun Rao
Security Team,
Cisco TAC


Many thanks for the reply.

It worked, however, I would like to know how!

:)

I already had the (nat and global) command configured on it. Is that not enough?

Also, should the command not be

static (inside,outside) 10.1.1.2 192.168.1.4 255.255.255.255 ? <= I tried it and got an error.

I want the inside address of 192.168.1.4 to be mapped to the outside interface address of 10.1.1.2.

When I do show xlate, I can see that the 192 address is shown as itself globally.

I look forward to your reply.

kr

H

Hi Haider,

The nat and global statements that you have are there to PAT the internal users when they go out of the outside interface; they are not for connections coming in.

If you want to nat the internal IP with the outside interface of the ASA, you would need:

static (inside,outside) interface 192.168.1.4

But I would not advise that, because this statement would block the complete IP address for the internal server only. I would rather suggest port forwarding, which means, you are using only a single port on that IP. Here's the config:

static (inside,outside) tcp interface 443 192.168.1.4 443

This should be done.

Hope that helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC


Also make sure you open the ACL on outside:

access-list 100 permit tcp any interface outside eq 443

Thanks,
Varun Rao
Security Team,
Cisco TAC

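The pieces discussed in this thread, put together as an added example (not taken from either poster's configuration) in the pre-8.3 ASA syntax the thread uses. The attached configuration is not shown on the page, so the nat/global pair is an assumed typical form; the addresses 192.168.1.4, 10.1.1.1 and 10.1.1.2 and ACL number 100 come from the posts, and source port 1025 in the test is an arbitrary constructed value.

```cisco
! Outbound only: dynamic PAT for inside hosts leaving via the outside
! interface (assumed form of the existing nat/global pair). This creates
! no translation that an outside host can initiate a connection to.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! Broad option from the thread (left commented out): maps every port of the
! outside interface address to the inside host, so exposure is limited only
! by the outside ACL.
! static (inside,outside) interface 192.168.1.4

! Narrow option: static PAT that forwards only TCP/443 arriving on the
! outside interface address to 192.168.1.4:443.
static (inside,outside) tcp interface 443 192.168.1.4 443 netmask 255.255.255.255

! Permit only that port from outside, then bind the ACL to the interface.
! An access-list has no effect until an access-group applies it.
access-list 100 extended permit tcp any interface outside eq 443
access-group 100 in interface outside

! Verification from the ASA CLI:
! list the active translations
show xlate
! show the ACL entries and their hit counters
show access-list 100
! simulate an inbound connection from the outside laptop to the outside
! interface address and report the NAT and ACL decision at each phase
packet-tracer input outside tcp 10.1.1.1 1025 10.1.1.2 443
```

In the packet-tracer output, the UN-NAT and ACCESS-LIST phases show whether the static PAT entry and the ACL line matched; a drop in either phase names the rule responsible.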