11-01-2017 10:13 AM - edited 02-21-2020 06:37 AM
Hi everyone! I'm a college student and new to Cisco firewalls. This is my first project using an ASA5520 and I'm having some issues. The firewall part is pretty basic, but I'm not able to accomplish the task. On my OUTSIDE zone I have a network using OSPF, RIPv2, and Internet Tunnel; everything runs smoothly, all dynamic routes are working, ping, SSH access and so on. On my INSIDE network I have two servers, one FTP and one Webserver (Apache). After configuring my ASA, I can see that all dynamic routes are created successfully, and from the ASA the traceroute command works to anywhere on my network, INSIDE or OUTSIDE. Now comes the problem: I can't access my servers from OUT to IN, and from my servers I can't reach anything in the OUTSIDE zone; none of the commands work (ping, tracert from stations or routers). I'm attaching the configurations for all devices and my network topology as well. Any kind of help or suggestion would be much appreciated. Thank you!
11-01-2017 10:57 AM
Hi @marcelo_ca
Try this:
interface gi0/0
nameif OUTSIDE
security-level 0
ip add 172.16.1.2 255.255.255.252
ip nat OUTSIDE
no shut
interface gi0/3
nameif INSIDE
security-level 100
ip add 172.16.0.81 255.255.255.240
ip nat INSIDE
no shut
-If I helped you somehow, please, rate it as useful.-
11-01-2017 11:59 AM
11-01-2017 01:03 PM
Take a look at routing. I didn't see it in your config.
You may need a default route pointing to your gateway for access coming from outside.
-If I helped you somehow, please, rate it as useful.-
11-01-2017 04:10 PM
The firewall doesn't have a default route. You will either need to configure it manually or add the "default-information originate" command on R1 under the ospf 1 process.
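The two options named in the reply above, written out as an added example that is not part of the thread. The next hop 172.16.1.1 is an assumption (the other usable address in the 172.16.1.0/30 OUTSIDE subnet suggested earlier in the thread), as is R1 being the router at that address.

```cisco
! --- Option 1: static default route, configured on the ASA ---
! Syntax: route <nameif> <network> <mask> <next-hop> [distance]
! 172.16.1.1 is an assumed next hop; use the real address of the
! upstream router on the OUTSIDE link.
route OUTSIDE 0.0.0.0 0.0.0.0 172.16.1.1 1

! --- Option 2: let R1 advertise a default route through OSPF ---
! Configured on R1 (IOS), not on the ASA.
router ospf 1
 ! R1 only originates 0.0.0.0/0 if it already has a default route
 ! in its own routing table. Appending the "always" keyword makes
 ! it advertise the default regardless.
 default-information originate

! --- Verification ---
! On the ASA: the routing table should now show a 0.0.0.0 0.0.0.0
! entry, either static (S*) or learned through OSPF (O*E2).
show route
! On R1: confirm it has a default route of its own to originate.
show ip route 0.0.0.0
```

With a default route in place, traffic still has to be permitted by the ASA's access rules: connections from OUTSIDE (security-level 0) to INSIDE (security-level 100) are dropped unless an access list applied to the OUTSIDE interface allows them.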
11-02-2017 11:53 AM
11-04-2017 04:08 PM
Is the tunnel up? Can you ping the tunnel interface at the other end? Is R2 receiving a route over OSPF for 172.16.0.80/28?