04-02-2009 06:17 PM - edited 03-11-2019 08:14 AM
I want to start by thanking everyone for taking the time to read this. We currently have a Fortigate firewall in place. We have multiple VLANs separating our VoIP phone system from the rest of our traffic, and we also separate out our guest wireless network. We just bought an ASA 5540. I have set up ASAs before and I seem to always miss one little detail, and I'm so mad at myself when I contact the TAC and they fix it within mins. So hopefully someone here can help me. I can ping the internal interface but nothing past that from the inside.
04-02-2009 06:40 PM
Try removing all of your ICMP ACLs and access-group commands.
Instead, try turning on ICMP inspection globally:
policy-map global_policy
 class inspection_default
  inspect icmp
04-02-2009 06:57 PM
I should have been more detailed on my problem. It isn't just ICMP that is not getting from the inside to the rest of the world. It's everything. I know my default route is right because I'm able to ping the outside interface from a machine out on the web.
04-02-2009 07:03 PM
Are the interface names in the nat statement correct? I don't see an IP address assigned to the interface named Inside.
global (Outside) 1 interface
nat (Inside) 1 0.0.0.0 0.0.0.0 outside
04-02-2009 07:53 PM
Do I have to add the nat (Interface) 1 0.0.0.0 0.0.0.0 outside for each VLAN?
04-02-2009 09:30 PM
nat (Internal) 1 0.0.0.0 0.0.0.0
nat (Vlan_Phones) 1 0.0.0.0 0.0.0.0
global (Outside) 1 interface
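
The checks discussed in this thread (does each nat statement name a real interface, does its id have a matching global, does every internal VLAN interface have its own nat line) can be run against a saved config. This is an added example, not part of the original thread or Cisco's tooling; the sample config is constructed, and Vlan_Guest and the physical interface names are hypothetical.

```python
import re

# Constructed sample in pre-8.3 nat/global syntax. Interface names Outside,
# Internal, Vlan_Phones and Inside come from the thread; Vlan_Guest and the
# physical interface names are hypothetical.
SAMPLE = """\
interface GigabitEthernet0/0
 nameif Outside
interface GigabitEthernet0/1
 nameif Internal
interface GigabitEthernet0/1.20
 nameif Vlan_Phones
interface GigabitEthernet0/1.30
 nameif Vlan_Guest
global (Outside) 1 interface
nat (Inside) 1 0.0.0.0 0.0.0.0 outside
nat (Internal) 1 0.0.0.0 0.0.0.0
"""

NAMEIF = re.compile(r"^\s*nameif\s+(\S+)", re.M)
NAT = re.compile(r"^nat\s+\((\S+?)\)\s+(\d+)\s", re.M)
GLOBAL = re.compile(r"^global\s+\((\S+?)\)\s+(\d+)\s", re.M)

def audit_nat(config):
    """Return findings for nat/global statements that cannot work together."""
    # Names are compared case-insensitively (assumed to match ASA behaviour).
    names = {n.lower(): n for n in NAMEIF.findall(config)}
    nats = NAT.findall(config)
    globals_ = GLOBAL.findall(config)
    global_ids = {nat_id for _, nat_id in globals_}
    findings = []
    for ifc, nat_id in nats:
        if ifc.lower() not in names:
            findings.append(f"nat ({ifc}) {nat_id}: no interface has nameif {ifc}")
        # nat id 0 is exemption/identity NAT and needs no global pool.
        if nat_id != "0" and nat_id not in global_ids:
            findings.append(f"nat ({ifc}) {nat_id}: no global statement with id {nat_id}")
    covered = {ifc.lower() for ifc, _ in nats + globals_}
    for key in sorted(set(names) - covered):
        findings.append(f"{names[key]}: no nat statement, so its traffic is not translated")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE):
        print(finding)
```

On the sample it reports the nat line bound to the undefined name Inside and the two VLAN interfaces that have no nat statement of their own.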