08-06-2014 02:49 AM - edited 03-11-2019 09:35 PM
Guys, we have an ASA 5505 which is running 8.2 code.
We have three VLANs: 1, 2, 3.
VLAN 1 is inside.
VLAN 3 is connected to another office; the VLAN is 172.168.1.1 (same owners), and we have a few servers there which are 192.168.1.0/24 (server farm).
VLAN 1 is 10.0.0.0/24.
We can ping the servers from inside to VLAN 3, no issues... but we can't ping or access anything from the 192.X network.
The access-list is allowed on VLAN 3, ip any, as it's a trusted network...
The routes are in place as well. I can't figure it out. I have never worked on 8.2, but there is NAT configured; maybe that is the issue. It is as under:
global (CO_Services) 1 interface (this is vlan 3)
global (OUTSIDEINTERNET) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0
Guys, can someone please help, as I am helpless.
Thanks
08-06-2014 03:52 AM
So inside can ping/access CO_Services but CO_Services cannot ping/access inside?
Are you running the security plus license on the ASA? (show version)
If you could do a packet tracer and post the output here:
packet-tracer input CO_Services tcp 172.168.1.10 12345 10.0.0.10 80 detail
This should give us an indication of whether the ASA is blocking the traffic.
Also, it would help to see the full configuration (sanitised) of the 5505.
--
Please remember to select a correct answer and rate helpful posts
08-07-2014 03:28 AM
08-07-2014 03:27 AM
Hi
The error is, I guess, RPF.
Can you please advise?
Phase: 8
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside) 1 10.0.0.0 255.255.255.0
match ip inside 10.0.0.0 255.255.255.0 CO_Services any
dynamic translation to pool 1 (172.168.1.1 [Interface PAT])
translate_hits = 721, untranslate_hits = 112
Additional Information:
<--- More --->
Result:
input-interface: CO_Services
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
08-07-2014 03:33 AM
The RPF error means that the source address you configured is not found through the source interface, or that is what it normally means.
Could you please post the full output of the packet tracer, including the packet-tracer command.
Also, please post a full running config (sanitised) of the ASA.
--
Please remember to select a correct answer and rate helpful posts
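Added example, not part of the thread or any poster's code: a small Python parser that reads packet-tracer output like the excerpt posted above and reports which phase dropped the flow, the rule shown for that phase, and the direction of the flow. The function names parse_packet_tracer and explain_drop are hypothetical, and the sample is a trimmed copy of the partial output quoted in the thread.

```python
import re
# Constructed sample: a trimmed copy of the partial output quoted in the thread.
SAMPLE = """\
Phase: 8
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside) 1 10.0.0.0 255.255.255.0
match ip inside 10.0.0.0 255.255.255.0 CO_Services any
Additional Information:
<--- More --->
Result:
input-interface: CO_Services
output-interface: inside
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_packet_tracer(text):
    """Split output into per-phase dicts plus the final summary block."""
    phases, summary, cur, section = [], {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("<---"):  # blank lines, pager prompts
            continue
        m = re.match(r"([A-Za-z-]+):\s*(.*)$", line)
        key, val = m.groups() if m else (None, line)
        if key == "Phase":
            cur, section = {"Phase": int(val), "Config": []}, None
            phases.append(cur)
        elif key == "Result" and not val:  # bare "Result:" opens the summary
            cur, section = None, "summary"
        elif section == "summary" and key:
            summary[key] = val
        elif cur is not None and key in ("Type", "Subtype", "Result"):
            cur[key] = val
        elif cur is not None and line in ("Config:", "Additional Information:"):
            section = line
        elif cur is not None and section == "Config:":
            cur["Config"].append(line)  # rule text shown for this phase
    return phases, summary

def explain_drop(text):
    """Return the first dropping phase with the flow direction, or None."""
    phases, summary = parse_packet_tracer(text)
    drop = next((p for p in phases if p.get("Result", "").upper() == "DROP"), None)
    if drop is None:
        return None
    return {"phase": drop["Phase"], "check": f"{drop.get('Type')}/{drop.get('Subtype')}",
            "rule": (drop["Config"] or [None])[0], "reason": summary.get("Drop-reason"),
            "flow": f"{summary.get('input-interface')} -> {summary.get('output-interface')}"}
```

On the sample, explain_drop(SAMPLE) points at phase 8 (NAT/rpf-check) and the nat (inside) 1 rule for a flow entering on CO_Services and leaving on inside.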