
ASA 5505 issue (8.2 IOS)

The_guroo_2
Explorer

Guys, we have an ASA 5505 which is running 8.2 code.

We have three VLANs: 1, 2, 3.

VLAN 1 is inside.

VLAN 3 is connected to another office; the VLAN is 172.168.1.1 (same owners), and we have a few servers there which are 192.168.1.0/24 (server farm).

VLAN 1 is 10.0.0.0/24.

We can ping the servers from inside to VLAN 3 with no issues, but we can't ping or access anything from the 192.X network.

The access-list is allowed on VLAN 3 (ip any), as it's a trusted network.

The routes are in place as well. I can't figure it out. I have never worked on 8.2, but there is NAT configured; maybe that is the issue. It is as under:

global (CO_Services) 1 interface  (this is vlan 3)
global (OUTSIDEINTERNET) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0

Guys, can someone please help, as I am helpless.

Thanks

 

4 Replies

Marius Gunnerud
VIP Advisor

So inside can ping/access CO_Services but CO_Services cannot ping/access inside?

Are you running the security plus license on the ASA? (show version)

If you could, do a packet tracer and post the output here:

packet-tracer input CO_Services tcp 172.168.1.10 12345 10.0.0.10 80 detail

This should give us an indication of whether the ASA is blocking the traffic.

Also, it would help to see the full configuration (sanitised) of the 5505.

--

Please remember to select a correct answer and rate helpful posts

The_guroo_2
Explorer

Hi

The error is, I guess, RPF.

Can you please advise?


Phase: 8
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside) 1 10.0.0.0 255.255.255.0
  match ip inside 10.0.0.0 255.255.255.0 CO_Services any
    dynamic translation to pool 1 (172.168.1.1 [Interface PAT])
    translate_hits = 721, untranslate_hits = 112
Additional Information:
<--- More --->
              

Result:
input-interface: CO_Services
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

The RPF error means that the source address you configured is not found through the source interface, or that is what it normally means.

Could you please post the full output of the packet tracer, including the packet-tracer command.

Also, please post a full running config (sanitised) of the ASA.

--

Please remember to select a correct answer and rate helpful posts
