12-10-2012 04:05 PM - edited 03-11-2019 05:35 PM
Background: I have a couple of ASA 5510s I'm going to put in our lab environment. I have restored them to default config and set up the m0/0 interface with an ip/mask and started the http server. My lab environment is on the 10.45 subnet and my .com corporate environment is on the 10.40 subnet. I've also set up DNS and, from the ASA, can ping anything in the 10.45 subnet.
The problem is that from the ASA, I cannot ping the internet or my 10.40 subnet. And vice versa, I cannot ping the ASA from my 10.40 subnet. When I bring up a regular server, there is no special configuration I need to do as those subnets talk to each other and nothing is restricted.
Is there something special I need to do to get it to work? I tried adding an access list to allow icmp, but that didn't seem to work.
Oh, and I'm getting to the ASA by RDPing into a lab server (on 10.45) then PuTTY to the ASA.
Any thoughts or suggestions are appreciated.
Thanks
12-10-2012 05:02 PM
Can you post your config ?
12-11-2012 08:44 AM
Sure thing...oh and how do I remove the extra http lines?
LAB-ASA2(config)# show config
: Saved
: Written by enable_15 at 20:57:08.953 UTC Mon Dec 10 2012
!
ASA Version 8.0(3)
!
hostname LAB-ASA2
domain-name azdev.local
enable password Oa3q1NIIlGy4tuwv encrypted
names
dns-guard
!
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
description Mgmt Interface 10.45.100.31
nameif MGMT
security-level 100
ip address 10.45.100.31 255.255.0.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa803-k8.bin
boot system disk0:/asdm506.bin
boot system disk0:/clear
boot system disk0:/
boot config disk0:/disk0
ftp mode passive
dns domain-lookup MGMT
dns server-group DefaultDNS
name-server 10.45.20.2
name-server 10.45.20.5
domain-name azdev.local
access-list ICMP_ALLOW extended permit icmp any host 10.0.0.0 echo-reply
pager lines 24
mtu MGMT 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-615.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 MGMT
http 10.0.0.0 255.0.0.0 MGMT
http 10.45.0.0 255.255.0.0 MGMT
http redirect MGMT 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 MGMT
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!
prompt hostname context
Cryptochecksum:32f61c055ddfac405650599400069515
LAB-ASA2(config)#
12-11-2012 08:49 AM
Hi,
I can't see any of the usual interfaces configured. Only the management?
There is also no route through the management interface for networks belonging to range 10.40.x.x/yy.
The management interface's network range also doesn't include networks 10.40.x.x/yy.
EDIT: You can remove the "http" configuration lines with the command "no" followed by the configuration line you want to remove.
- Jouni
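Added example, not part of the original replies: a Python check of the points raised above, run over lines copied from the posted config. It reports whether the ASA has a connected network or static route covering a destination and classifies the http/ssh source rules; the function names, the sample destinations and the 10.45.0.1 gateway are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed excerpt: lines copied from the configuration posted in this thread.
POSTED = """\
interface Management0/0
 nameif MGMT
 ip address 10.45.100.31 255.255.0.0
http 0.0.0.0 0.0.0.0 MGMT
http 10.0.0.0 255.0.0.0 MGMT
http 10.45.0.0 255.255.0.0 MGMT
http redirect MGMT 80
ssh 0.0.0.0 0.0.0.0 MGMT
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ADDR_RE = re.compile(rf"^\s*ip address {IP} {IP}\b", re.M)
ROUTE_RE = re.compile(rf"^route (\S+) {IP} {IP} {IP}", re.M)
MGMT_RE = re.compile(rf"^(http|ssh|telnet) {IP} {IP} (\S+)\s*$", re.M)

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def path_to(config, dest):
    """Return 'connected', 'static route', or None if the ASA has no path to dest."""
    ip = ipaddress.ip_address(dest)
    if any(ip in net(a, m) for a, m in ADDR_RE.findall(config)):
        return "connected"
    if any(ip in net(n, m) for _if, n, m, _gw in ROUTE_RE.findall(config)):
        return "static route"
    return None

def mgmt_findings(config):
    """Classify each http/ssh/telnet source rule: any-source, redundant, or ok."""
    rules = [(svc, net(a, m), ifc) for svc, a, m, ifc in MGMT_RE.findall(config)]
    out = []
    for svc, n, ifc in rules:
        wider = [o for s, o, i in rules if (s, i) == (svc, ifc) and o != n and n.subnet_of(o)]
        status = "any-source" if n.prefixlen == 0 else "redundant" if wider else "ok"
        out.append((f"{svc} {n} {ifc}", status))
    return out

if __name__ == "__main__":
    for dest in ("10.45.20.2", "10.40.1.1", "8.8.8.8"):  # sample destinations (constructed)
        print(dest, "->", path_to(POSTED, dest))
    # Constructed route line; 10.45.0.1 is a placeholder gateway, not from the thread.
    print(path_to(POSTED + "route MGMT 10.40.0.0 255.255.0.0 10.45.0.1\n", "10.40.1.1"))
    for rule, status in mgmt_findings(POSTED):
        print(status, rule)
```

A rule marked "redundant" is already covered by a wider rule for the same service and interface; a rule marked "any-source" accepts management connections from every address that can reach that interface.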
12-11-2012 09:02 AM
Correct, I only reset it to default and am only getting the mgmt interface up.
How do I make the route and other corrections?
Thanks
12-11-2012 09:06 AM
Hi,
Basic configuration format for routes is
route
Where
- Jouni
12-11-2012 12:45 PM
I think it worked, but I'm unable to check right now since I am remote. I could test if I also enable IPv6 to run in conjunction with v4. Any advice on how to get that set up?
Thanks
12-11-2012 12:53 PM
Hi,
Sorry, still not that familiar with IPv6.