Configuration of Firewall ASA5505 with Basic license

I have an ASA-5505 Firewall with a basic license.

In my workplace I have an IP pool of 10.2.0.0/16 and I subnet it into 10.2.xxx.xxx/22 networks for ease of maintenance. Every subnet has a default gateway of 10.2.XXX.1 (like 10.2.56.1 as gateway).

I have an application server for one of the web applications.

The IP address of that server is 172.22.14.1.

I had tried to configure the ASA-5505 with the web server but was not able to reach my web application.

Please suggest a configuration for the ASA-5505 to me.

Thanks in advance for the help.

My mail ID kishan.s.r@gmail.com

9 Replies

Hi

More information is necessary. Can you share your firewall config? That would help.

-If I helped you somehow, please, rate it as useful.-

Please find the running configuration of the firewall below.

ASA Version 8.2(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.1.10 WEB_SERVER
name 10.2.56.100 WEB_SERVER_OUTSIDE
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 10.2.56.220 255.255.252.0
!
ftp mode passive
object-group network DM_INLINE_NETWORK_1
network-object host WEB_SERVER_OUTSIDE
network-object host WEB_SERVER
object-group network DM_INLINE_NETWORK_2
network-object host WEB_SERVER_OUTSIDE
network-object host WEB_SERVER
object-group network DM_INLINE_NETWORK_3
network-object host WEB_SERVER_OUTSIDE
network-object host WEB_SERVER
object-group network DM_INLINE_NETWORK_4
network-object host WEB_SERVER_OUTSIDE
network-object host WEB_SERVER
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
access-list outside_access extended permit object-group DM_INLINE_PROTOCOL_2 any object-group DM_INLINE_NETWORK_2
access-list outside_access extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_3 any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 any object-group DM_INLINE_NETWORK_1
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 object-group DM_INLINE_NETWORK_4 any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
static (outside,inside) WEB_SERVER WEB_SERVER_OUTSIDE netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access in interface outside
route inside 0.0.0.0 0.0.0.0 10.2.56.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:dcdfbc57eeea40716289b8bf0b33e484

Hello,

Could you please attach the config within a .txt file and add a show route?

Regards,

Result of the command: "show running-config"

: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.1.10 WEB_SERVER
name 10.2.56.100 WEB_SERVER_OUTSIDE
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 10.2.56.220 255.255.252.0
!
ftp mode passive
object-group network DM_INLINE_NETWORK_1
network-object host WEB_SERVER_OUTSIDE
network-object host WEB_SERVER
object-group network DM_INLINE_NETWORK_2
network-object host WEB_SERVER_OUTSIDE
network-object host WEB_SERVER
object-group network DM_INLINE_NETWORK_3
network-object host WEB_SERVER_OUTSIDE
network-object host WEB_SERVER
object-group network DM_INLINE_NETWORK_4
network-object host WEB_SERVER_OUTSIDE
network-object host WEB_SERVER
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
access-list outside_access extended permit object-group DM_INLINE_PROTOCOL_2 any object-group DM_INLINE_NETWORK_2
access-list outside_access extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_3 any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 any object-group DM_INLINE_NETWORK_1
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 object-group DM_INLINE_NETWORK_4 any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
static (outside,inside) WEB_SERVER WEB_SERVER_OUTSIDE netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access in interface outside
route inside 0.0.0.0 0.0.0.0 10.2.56.220 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:dcdfbc57eeea40716289b8bf0b33e484
: end

Please find attached files of the running configuration of the CISCO ASA5505.

Hello Kishan,

I was checking your configuration, and I have some doubts. Could you please help me understand the following:

1. The outside interface is configured within the network 10.2.56.0/22 as shown in the configuration:

interface Vlan2
nameif outside
security-level 0
ip address 10.2.56.220 255.255.252.0

But the default route is misconfigured: it is pointing to the inside interface instead of the outside interface:

route inside 0.0.0.0 0.0.0.0 10.2.56.220 1  --> 10.2.56.220 is an IP address within the outside interface range; moreover, it is the IP address of the outside interface itself.

2. On the network diagram it seems that 172.22.14.1 is behind the inside interface. I am not sure if it is directly connected, but the ASA inside interface is configured within the 192.168.1.0 subnet and there is no route for the 172.22.14 subnet.

Please let me know if that's the way it should be configured.

Regards,
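To make the two route problems in this reply checkable rather than eyeballed, here is an added Python script (not from the thread or from Cisco) that parses the interface and route lines of an ASA 8.2-style running-config and flags a next hop that is the ASA's own address or that sits on another interface's segment, plus any zone that has neither a connected interface nor a specific route behind the expected nameif. The sample config is a constructed excerpt of the one posted above, and `zones` maps each network to the nameif it should sit behind (here the 172.22.14.0/24 secured network the poster later describes, behind inside).

```python
import ipaddress
import re
# Constructed sample: the interface and route lines from the config posted in this thread.
ASA_CONFIG = """\
interface Vlan1
nameif inside
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
ip address 10.2.56.220 255.255.252.0
route inside 0.0.0.0 0.0.0.0 10.2.56.220 1
"""

def parse_interfaces(config):
    """Return {nameif: ip_interface}, walking the 'interface' stanzas in order."""
    ifaces, name, addr = {}, None, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name, addr = None, None  # new stanza: forget the previous one
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif line.startswith("ip address "):
            ip, mask = line.split()[2:4]
            addr = ipaddress.ip_interface(f"{ip}/{mask}")
        if name and addr:
            ifaces[name] = addr
    return ifaces

def parse_routes(config):
    """Return [(interface, destination network, next hop)] for every 'route' line."""
    return [(ifc, ipaddress.ip_network(f"{dst}/{mask}"), ipaddress.ip_address(nh))
            for ifc, dst, mask, nh in re.findall(r"^\s*route (\S+) (\S+) (\S+) (\S+)", config, re.M)]

def check_routes(config, zones):
    """Findings for the route problems above; a default route does not count as a path to a zone."""
    ifaces, routes, findings = parse_interfaces(config), parse_routes(config), []
    for ifc, dst, nh in routes:
        for name, addr in ifaces.items():
            if nh == addr.ip:
                findings.append(f"route {dst} via {ifc}: next hop {nh} is the ASA's own {name} address")
            elif nh in addr.network and name != ifc:
                findings.append(f"route {dst} via {ifc}: next hop {nh} is on the {name} segment {addr.network}")
    for net, ifc in zones.items():
        net = ipaddress.ip_network(net)
        connected = ifc in ifaces and net.subnet_of(ifaces[ifc].network)
        routed = any(r_ifc == ifc and r_dst.prefixlen > 0 and net.subnet_of(r_dst)
                     for r_ifc, r_dst, _ in routes)
        if not (connected or routed):
            findings.append(f"{net} is neither connected to nor routed via {ifc}")
    return findings
```

Running `check_routes(ASA_CONFIG, {"172.22.14.0/24": "inside"})` reports both issues; after the default route is moved to outside via 10.2.56.1 (the gateway named in the question) and a specific inside route is added for 172.22.14.0/24, the list is empty.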

Dear,

Actually I am trying to find out by changing the gateway and so on, so the configuration might not be so perfect.

Please go through the PDF file attached to this reply, which clarifies the network, and accordingly please suggest changes to me or send me a new configuration file...

Dear Kornelia Gutierrez,

Thanks for the prompt reply.
Please note that I want the 192.168.1.0 interface configured for the
firewall only. The outside interface, which is the unsecured zone, is 10.2.56.0/22,
and the secured zone is 172.22.14.0/24.