Default route :

moussa.malqui1 · ‎10-25-2016

Hi all,

my architecture is :

and my ASA config is:

interface GigabitEthernet0
nameif outside
security-level 0
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1
nameif inside
security-level 100
ip address 10.30.60.1 255.255.255.0
!
interface GigabitEthernet2
nameif dmz
security-level 50
ip address 10.30.61.1 255.255.255.0
!
ftp mode passive
object network inside-subnet
subnet 10.30.60.0 255.255.255.0
object network dmz-subnet
subnet 10.30.61.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
!
object network inside-subnet
nat (inside,outside) dynamic interface
object network dmz-subnet
nat (dmz,outside) dynamic interface

but ping is not work from R3 (inside) to R2 (outside)

thanks in advance,

Regards,

MM

Pawan Raut · ‎10-25-2016

Check below things.

1) Do you have default route or return route towards ASA on both router?

2) Do you have command "same-security-traffic permit inter-interface" in ASA config if not you have to add that.

Kindly rate for useful post

moussa.malqui1 · ‎10-26-2016

Tahnks Pawan for your reply,

How i can adjust default route?

Regards,

MM

Pawan Raut · ‎10-26-2016

give me the output sh ip route from both router

moussa.malqui1 · ‎11-02-2016

R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 10.30.60.0 is directly connected, FastEthernet0/0

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.2.0/24 is directly connected, FastEthernet0/0

Thanks Pawan,

Ragards,

MM

Pawan Raut · ‎11-02-2016

You do not have route to reach each other please add below route.

on R1

ip route 192.168.2.0 2 255.255.255.0 10.30.60.1

and on R2

ip route 10.30.60.0 255.255.255.0 192.168.2.1

moussa.malqui1 · ‎11-02-2016

I tried that but don't working

R3#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

moussa.malqui1 · ‎11-02-2016

can you give me a basic firewall configuration?

Thanks Pawan,

Regards,

MM

Pawan Raut · ‎11-02-2016

Do you have command "same-security-traffic permit inter-interface" in ASA config if not you have to add that

MANI .P · ‎10-26-2016

Default route :

do check the route below on ASA

#route outside 0 0 192.168.2.2

also do check the global service policy inspection

#policy-map global_policy

#inspect icmp

ASA Configuration