I have an ASA 5505 that's been working fine for a year, and today it stopped working. I can't ping from any interface and none of my clients can get out to the internet. Not sure what happened.
I can't ping from the ASA to any outside IP address.
From the gateway/cable modem I can ping the outside.
I have a second pfSense firewall that's working fine and can also reach the outside.
I got it to work by adding a rule that allows inside traffic from the local network, using the network object, out. Why did this happen? It was working fine for a year and all of a sudden it stopped working. Packet tracer showed that traffic was being blocked by a global implicit rule:
global (implicit rule)
any | any | ip | deny
I would have to say that either
It's pretty hard to say without seeing the before and after configurations and also seeing the "packet-tracer" outputs.
I have never run into a situation where the ASA would simply stop passing traffic through it.
I'm not sure either; I'm restoring a known good backup configuration. It may have been an issue with the ISP. I think it was an ISP issue, and while I was messing around with the firewall rules they fixed the issue. After restoring the configuration, things are still working fine.
Let me ask you, since I am a big n00b when it comes to ASAs. Is there supposed to be an implicit rule "all traffic to less secure networks" at the beginning of the ACLs? This rule appears to allow all inside traffic out. The only thing that throws me off is that it says (1 implicit incoming); is this allowing all outside traffic in? Does this look right?
As long as an interface on the ASA doesn't have any ACL attached to it, the "security-level" of the interfaces determines where the hosts behind it can connect to. Basically, the hosts behind an interface with no ACL attached can connect to any network located behind an interface whose "security-level" is lower.
If the interface has an ACL attached, then the ACL controls which traffic is allowed through.
Every ACL always has an implicit deny at the end, which basically means that if the traffic was not allowed by the ACL rules then it will be blocked.
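As an added example (not from this thread), here is an ASA 5505 configuration fragment showing both cases described above: first the interface pair with no ACL, where the security levels alone let inside (100) reach outside (0), then an ACL bound to the inside interface whose implicit deny blocks everything not explicitly permitted. All addresses, object names and ACL names are constructed.

```cisco
! Constructed example; addresses, object and ACL names are assumptions.
! --- Case 1: no ACL on "inside". Security levels alone decide.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
! With no access-group on "inside", hosts behind inside (100) may initiate
! connections to anything behind outside (0); return traffic is allowed by
! the stateful connection table. Outside (0) cannot initiate to inside (100).
! ASDM shows this behaviour as the implicit "permit any to less secure
! networks" entry the question above asks about.
!
! --- Case 2: an ACL is bound to "inside". The ACL now decides.
object network LAN
 subnet 192.168.1.0 255.255.255.0
!
! Permit only HTTPS from the LAN to any destination. Everything else from
! inside, including the ICMP pings in the original question, hits the
! implicit "deny ip any any" at the end of the ACL and is dropped.
access-list inside_access_in extended permit tcp object LAN any eq 443
access-group inside_access_in in interface inside
!
! Verify the decision the same way the original poster did. The first
! trace is permitted; the second is dropped by the implicit deny:
! packet-tracer input inside tcp 192.168.1.10 40000 203.0.113.5 443
! packet-tracer input inside icmp 192.168.1.10 8 0 203.0.113.5
!
! To restore the "inside can go anywhere" behaviour while keeping an ACL
! on the interface, add a broad permit ahead of the implicit deny:
! access-list inside_access_in extended permit ip object LAN any
```

Note that once any access-group is applied to an interface, the security-level shortcut no longer applies to that interface in that direction; only the ACL's explicit permits and its implicit deny are consulted.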