09-28-2010 04:09 AM - edited 03-11-2019 11:46 AM
Hello everyone!
Trying to set up ASA5505 as a secondary gateway to be used exclusively by couple of users.
Config:
pb-gw2# sh run
: Saved
:
ASA Version 8.0(2)
!
hostname pb-gw2
enable password mjgSKfuQzL4x1LLu encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.5 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 81.21.95.13 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 10 interface
nat (inside) 10 192.168.10.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 81.21.95.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
username admin password RS6hkLNrh/9fCzGC encrypted privilege 15
prompt hostname context
Cryptochecksum:1b5605e2b56c89a44da32bf733cb9a20
: end
pb-gw2#
________________________________
I want to use NAT overload from internal network to external using ASA's external IP address 81.21.95.13.
Problem is that when I set up network adapter on my laptop and use inside interface as a default gateway, I cannot ping external hosts (for example 81.21.95.9), but can browse internet.
Please advise, may be there is something wrong in config? Config was written manually in CLI, without ASDM.
Thanks in advance
Solved! Go to Solution.
09-28-2010 04:25 AM
Yes, please kindly add icmp inspection:
policy-map global_policy
class inspection_default
inspect icmp
Hope that helps.
09-28-2010 04:25 AM
Yes, please kindly add icmp inspection:
policy-map global_policy
class inspection_default
inspect icmp
Hope that helps.
09-28-2010 04:32 AM
Thanks a lot, Jennifer.
Your solution worked!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide