ASA 5520 Blocking all traffic

marcelo_ca

Hi everyone! I'm a college student and new to Cisco firewalls. This is my first project using an ASA 5520 and I'm having some issues. The firewall part is pretty basic, but I'm not able to accomplish the task. On my OUTSIDE zone I have a network using OSPF, RIPv2, and an Internet tunnel; everything runs smoothly, all dynamic routes are working, ping, SSH access and so on. On my INSIDE network I have two servers, one FTP and one web server (Apache). After configuring my ASA, I can see that all dynamic routes are created successfully, and from the ASA the traceroute command works to anywhere on my network, INSIDE or OUTSIDE. Now comes the problem: I can't access my servers from OUT to IN, and from my servers I can't reach anything in the OUTSIDE zone. None of the commands work (ping, tracert from stations or routers). I'm attaching the configurations for all devices and my network topology as well. Any kind of help or suggestion would be much appreciated. Thank you!

Accepted Solutions

The firewall doesn't have a default route.  You will either need to configure it manually or add the "default-information originate" command on R1 under the ospf 1 process.

Hi @marcelo_ca

Try this:

interface gi0/0
nameif OUTSIDE
security-level 0
ip add 172.16.1.2 255.255.255.252
ip nat OUTSIDE
no shut

interface gi0/3
nameif INSIDE
security-level 100
ip add 172.16.0.81 255.255.255.240
ip nat INSIDE
no shut

 

-If I helped you somehow, please, rate it as useful.-

Hi Flavio, thanks for replying.
It didn't work.
I did a test using the same configuration on the firewall but with only one PC as outside network, and it worked perfectly. Any other suggestion? I'll try to erase and do all the configuration again. Thank you.

 

Take a look at routing. I didn't see it in your config.

You may need a default route pointing to your gateway for access coming from outside.

-If I helped you somehow, please, rate it as useful.- 

The firewall doesn't have a default route.  You will either need to configure it manually or add the "default-information originate" command on R1 under the ospf 1 process.

 

--
Please remember to select a correct answer and rate helpful posts
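The two options named in the answer above, written out as an added example (not taken from the poster's attached configurations). It assumes the ASA's OUTSIDE interface is 172.16.1.2/30 as in the earlier reply, that R1 is the directly connected neighbor at 172.16.1.1, and that the ASA already forms an OSPF adjacency with R1 in process 1.

```cisco
! --- Option 1: static default route on the ASA --------------------------
! Assumption: 172.16.1.1 is R1, the only other host address in the
! 172.16.1.0/30 subnet used on the OUTSIDE interface.
route OUTSIDE 0.0.0.0 0.0.0.0 172.16.1.1

! --- Option 2: let R1 advertise a default route into OSPF ---------------
! Entered on R1 (IOS), not on the ASA.
router ospf 1
 ! R1 only advertises 0.0.0.0/0 while it has a default route of its own
 ! in its routing table. Append "always" to advertise it unconditionally.
 default-information originate

! --- Verification on the ASA --------------------------------------------
! Before the fix, "show route" reports that the gateway of last resort
! is not set. Afterwards a 0.0.0.0 0.0.0.0 entry should be present:
! flagged S* for option 1, or as an OSPF external (O*E2) for option 2.
show route
show route | include 0.0.0.0
```

Use one option, not both: a static default has a lower administrative distance than an OSPF-learned one, so it would override the default R1 advertises.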

Hi, thank you very much for helping. It's working now, except for the R2 network, which is on the other side of Tunnel0. From the firewall I can traceroute to the router and PC, but I can't connect to my FTP server from the PC. Is there any other way of setting up a tunnel? I guess that static route used for the Tunnel (ip route 0.0.0.0 0.0.0.0 204.225.107.182). Thank you.

Is the tunnel up? Can you ping the tunnel interface at the other end? Is R2 receiving a route over OSPF for 172.16.0.80/28?

--
Please remember to select a correct answer and rate helpful posts