Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1207
Views
0
Helpful
0
Replies

asa 5505 transparent mode second bvi not reaching internet

C Garstka
Level 1
Level 1

‎02-13-2019 06:28 PM - edited ‎02-21-2020 08:48 AM

I am stuck configuring my ASA 5505 in transparent mode.  When I use the management subnet (inside1) I can reach the internet and all is well.  When I am using inside2 (different subnet) I can't. From the console I can ping both subnets and the internet. I am guessing it's a NAT or ACL issue but I'm not sure how to fix it. Thanks!

 

 

 
: Serial Number: 
: Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.2(4) 
!
firewall transparent
hostname 
domain-name 
enable password 
names
!
interface Ethernet0/0
 switchport access vlan 2
 switchport trunk allowed vlan 1-2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
 switchport access vlan 3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside1
 bridge-group 1
 security-level 100
!
interface Vlan2
 nameif outside
 bridge-group 1
 security-level 0
!
interface Vlan3
 nameif inside2
 bridge-group 2
 security-level 100
!
interface BVI1
 ip address 10.1.10.3 255.255.255.0 standby 10.1.10.2 
!
interface BVI2
 ip address 192.168.1.2 255.255.255.0 standby 192.168.1.1 
!
boot system disk0:/asa924-k8.bin
ftp mode passive
dns domain-lookup inside1
dns domain-lookup inside2
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.8.4
 domain-name 
same-security-traffic permit inter-interface
object network outside-ip
 host 10.1.10.1
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 10.1.10.0 255.255.255.0 any 
access-list inside2_access_in extended permit object-group DM_INLINE_PROTOCOL_2 192.168.1.0 255.255.255.0 any 
pager lines 24
logging enable
logging asdm informational
mtu inside1 1500
mtu outside 1500
mtu inside2 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-792-152.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
access-group inside_access_in in interface inside1
access-group inside2_access_in in interface inside2
route outside 0.0.0.0 0.0.0.0 10.1.10.1 1
route inside1 10.1.10.0 255.255.255.0 10.1.10.1 1
route inside2 192.168.1.0 255.255.255.0 10.1.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
http server enable
http 10.1.10.0 255.255.255.0 inside1
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 10.1.10.0 255.255.255.0 inside1
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns 8.8.8.8 8.8.4.4
dhcpd domain 
dhcpd option 3 ip 192.168.1.2
!
dhcpd address 192.168.1.10-192.168.1.230 inside2
dhcpd enable inside2
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
arp-inspection inside1 enable flood
username password 
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
  inspect ip-options 
!
service-policy global_policy global
prompt hostname context 
no call-home reporting anonymous
Cryptochecksum:c5c6f5ed4d6decc23c9a09548cfa864c
: end
asdm image disk0:/asdm-792-152.bin
no asdm history enable
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card