ASA 5505 configuration problem

rishiprajapati · ‎03-13-2011

Pl. refer file attached.

First I configured Firewall using standalone pc as shown in the III section of attached file. I am able to access web server on from DV APS on the outside standalone pc. Pinging inside pc - DV APS is not possible as per the ACL configured, but the web server is accessible in this connection.

Then I placed the Firewall in customer network which is a Domain network as shown in section I of attached. I am not able to access web server from the external pc of customer which is domain client. Then tried to ping the outside interface of Firewall from customer pc, it is not pinging.

Then removed Firewall & connected inside pc - DV APS directly to customer network & tried to ping from customer pc as shown in section II of attached, it is pinging.

So my question is when I put the Firewall in customer network, why the external pc of customer not able to ping the outside interface of Firewall ? Can this be the issue that web server is not accessible on customer pc thru Firewall ?

Pl. give your inputs to solve this issue.

Thanks in Advance.

Rishi.

mirober2 · ‎03-14-2011

Hi Rishi,

What do you have configured in the output of 'show run icmp' on the firewall? You'll need to make sure you have the appropriate permissions setup to allow the external PC to ping the outside interface.

You may also want to make sure you clear the ARP cache or reload any connected devices when you're swapping the firewall in and out.

Finally, assuming the configuration isn't changing, you should also setup captures on the outside interface to see if traffic is reaching the firewall. This guide should help with that.

https://supportforums.cisco.com/docs/DOC-1222

-Mike