how to allow all traffic from outside to inside on ASA 9.8(1)

hiprecy123
Level 1

Hello everyone, I want to allow all the traffic coming from the subnet (192.168.10.0/24) connected to the outside interface going to the subnet (10.30.30.0/24) connected to the inside interface.

Please help me. I tried all the ways but still haven't got the solution.

Currently I am running IOS version 9.8(1) and the traffic from inside to outside is working OK.

Awaiting, guys.

6 Replies

bhargavdesai
Spotlight
Normally you should create an ACL and apply the ACL on the Outside interface in the "IN" direction.

access-list OUTSIDE_IN extended permit ip 192.168.10.0 255.255.255.0 10.30.30.0 255.255.255.0
access-group OUTSIDE_IN in interface OUTSIDE

If you are having an issue, can you send the packet-tracer output so that it will give us more of an idea about the problem?

packet-tracer input OUTSIDE tcp 192.168.10.10 80 10.30.30.10 80 detailed


HTH
### RATE ALL HELPFUL RESPONSES ###

Guys, I tried that but it didn't work. Does the access list or the command allow all the traffic, including ICMP also?

You should have ICMP inspected along with the ACLs. You can do that with the below-mentioned command.

"Fixup protocol icmp"

If you are still having an issue, please post the packet-tracer output for ICMP.

packet-tracer input OUTSIDE icmp 192.168.10.10 8 0 10.30.30.10 detailed

HTH
### RATE ALL HELPFUL RESPONSES ###

To allow the return traffic for ping, you would need to either specifically allow this in the ACL on the outside interface or configure inspection of the ICMP protocol as mentioned by @bhargavdesai.

It would really be helpful to see your full running configuration (remove any public IPs, usernames and passwords) as right now we are just guessing at what might be wrong.

--
Please remember to select a correct answer and rate helpful posts

Would help if you told us exactly what you have tried and also provide us with a full running configuration of your ASA.

Do you have any NAT configuration between the two interfaces you want to allow traffic on?

 

Normally, if this is just between two private IP address spaces, then you would just allow that traffic in an access list on the outside interface.

access-list outside_access_in permit ip 192.168.10.0 255.255.255.0 10.30.30.0 255.255.255.0

access-group outside_access_in in interface outside

--
Please remember to select a correct answer and rate helpful posts
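
The suggestions from the replies above, collected into one sequence with the checks that show whether each part took effect. This is an added example, not a configuration posted by anyone in this thread. It assumes the outside interface's nameif is OUTSIDE and that the ASA still has its default global_policy with the inspection_default class; ICMP inspection is written here in policy-map form.

```cisco
! Constructed example. OUTSIDE is an assumed nameif; adjust to your own.
!
! --- configuration mode ---
! 1. Permit only the one outside subnet toward the one inside subnet.
!    The "ip" keyword matches every IP protocol, so TCP, UDP and ICMP
!    from 192.168.10.0/24 to 10.30.30.0/24 all match this entry.
!    Anything else arriving on OUTSIDE still hits the implicit deny.
access-list OUTSIDE_IN extended permit ip 192.168.10.0 255.255.255.0 10.30.30.0 255.255.255.0
access-group OUTSIDE_IN in interface OUTSIDE
!
! 2. Inspect ICMP so the ASA tracks each echo request and matches
!    the reply to it (assumes the default global_policy is in place).
policy-map global_policy
 class inspection_default
  inspect icmp
!
! --- privileged EXEC mode: verification ---
! The ACL is bound to the interface in the inbound direction:
show running-config access-group
! The hitcnt on the permit entry increases when test traffic matches:
show access-list OUTSIDE_IN
! ICMP inspection is active in the service policy:
show service-policy inspect icmp
! Any NAT rule between the two interfaces that could alter the flow:
show running-config nat
! Walk one TCP flow and one ICMP echo request through the ASA and
! read which phase (ACCESS-LIST, NAT, ROUTE-LOOKUP, ...) drops it:
packet-tracer input OUTSIDE tcp 192.168.10.10 80 10.30.30.10 80 detailed
packet-tracer input OUTSIDE icmp 192.168.10.10 8 0 10.30.30.10 detailed
```

If packet-tracer reports a drop, the phase name and the drop reason in its output are the parts worth posting along with the sanitized running configuration.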

Yeah, those subnets are both private... but thanks for your support. Let me apply that and get back to you.