ASA 5510 ccna security lab setup problem

sany98
Level 1

Hi

I'm having a problem with my lab/ASA setup. I can access (ping/https) the ASA/ASDM from my home PC 192.168.1.15 but I can't ping or telnet to subnets 192.168.2, 192.168.3 and 192.168.4. I want to be able to access and configure my routers from my home PC. I know that it has something to do with outside to inside and the other way, but I don't know how to fix it.

 

PC1, 2 and 3 have internet access from the ASA. The PCs can ping each other and ping the inside interface. RIP is enabled on all routers and on the ASA, and all routers have a default route to the ASA. Here is the problem: I can't access the ASDM on outside interface 192.168.1.133 and ping doesn't work either. Can anyone please help me?

My lab is located in the basement, so that's why I want to be able to access everything from my home PC.

 


LAN only IP settings. On Wireless only name, password etc.

Then I would suggest looking through the user guide / configuration guide for your router and if those don't provide any clues perhaps contact the router support team.

--
Please remember to select a correct answer and rate helpful posts

I've updated the router firmware to more advanced and managed to put static routes to inside subnets and now everything works. Just one new minor problem. I've installed Cisco ACS on subnet 192.168.3.0 but can't access it from home pc 192.168.1.0 on outside network. I've added the http and ssh lines on both outside and inside interface but it doesn't work. Only works from inside networks 192.168.2-4. 

You said you added ACL entry for HTTP, but ACS uses HTTPS.  Update your ACL entry and test again.

--
Please remember to select a correct answer and rate helpful posts

I meant HTTPS but that was not the issue. Windows Firewall was blocking the traffic. When I disable the FW it works: I can access Cisco ACS on 192.168.3.133 and other routers using https on inside networks. When the FW is enabled nothing works. What's weird is that HTTPS to ASDM on 192.168.1.133 works without a problem even with Windows Firewall enabled (maybe because it's on the same network). I've tried to add a rule in the firewall to allow inbound connections for 443 but it doesn't work. This is so frustrating, you solve one problem but another one occurs :(..

If anyone knows how to fix this issue with windows firewall please help because it's driving me mad. I don't want to disable firewall every time I need to change/access something. 

You mean Windows Firewall on the PC you are initiating the connection from, or Windows Firewall on the PC you have installed ACS on?

--
Please remember to select a correct answer and rate helpful posts

Yes, Windows Firewall on Home-PC blocks the traffic. When the firewall is disabled, everything works.

If you go to windows firewall > Advanced Settings and in the window that pops up go to outbound rules and add a new rule for the programs you are using (ASDM and the terminal emulator).  Then test.

--
Please remember to select a correct answer and rate helpful posts

ASDM works. FW blocks telnet and https to inside networks. I've tried to add inbound and outbound rules on ports but will try your suggestion and open for programs.

I have now tried with both inbound and outbound rules for Internet Explorer and PuTTY and it didn't work.

I believe that the firewall blocks everything that is not on the same subnet, but how to allow that traffic in the firewall, it looks like it's impossible.

Check out this link...seems to be the same issue you are experiencing

https://superuser.com/questions/1087392/windows-firewall-blocking-ssh-to-secondary-subnet

--
Please remember to select a correct answer and rate helpful posts

THANK YOU KING! I have googled for 2 days now and I don't know how I missed that one! The problem was that after you create a rule you need to edit the same rule to add subnets and other stuff. Thank you once again!
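
The resolution the thread ends on (editing the rule's scope to include the lab subnets rather than disabling Windows Firewall), as an added PowerShell example that is not part of any post. The /24 masks, the rule name, the outbound direction and the choice of TCP 23 and 443 are assumptions based on the addresses and protocols mentioned in the thread.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on the home PC.
# Assumptions: lab subnets are /24, traffic is initiated from this PC (outbound),
# and the rule name below is hypothetical.
$LabSubnets = '192.168.2.0/24', '192.168.3.0/24', '192.168.4.0/24'
$RuleName   = 'Lab management (telnet/https) - example'
$Ports      = 23, 443

# Helper: print the scope a rule really has, since a rule can exist and still
# not match traffic to another subnet if its remote address scope is too narrow.
function Show-RuleScope([string]$Name) {
    Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue | ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            Direction     = $_.Direction
            Action        = $_.Action
            Profile       = $_.Profile
            RemoteAddress = $addr.RemoteAddress -join ', '
            RemotePort    = $port.RemotePort -join ', '
        }
    }
}

$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $existing) {
    # Create the rule already limited to the lab subnets and management ports,
    # so nothing broader than the lab is opened.
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Outbound -Action Allow -Protocol TCP `
        -RemotePort $Ports -RemoteAddress $LabSubnets -Profile Any | Out-Null
} else {
    # Rule exists: widen only its remote address scope to the lab subnets.
    Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $LabSubnets
}

# Confirm the resulting scope instead of testing by turning the firewall off.
Show-RuleScope $RuleName | Format-List
```

`Show-RuleScope` can also be pointed at a rule created through the Advanced Settings GUI to see whether its remote address scope covers the other subnets.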
