04-12-2009 07:20 PM - edited 03-11-2019 08:17 AM
I have one Cisco ASA5510 and I use Cisco ASDM 5.0 to configure the firewall. I set the eth0/0 IP as 192.168.1.1/24 and the eth0/1 IP as 192.168.10.1/24, and it is running DHCP. The two interfaces are up. Using HyperTerminal, I tried to ping from network 192.168.10.0/24 and it succeeded. Then I used the XP command prompt to ping, and it was unsuccessful. How should this routing be implemented in the ASDM manager? Can somebody teach me? Thank you.
04-12-2009 09:59 PM
Hi Steven,
We need some more information, such as where your Windows XP computer is placed: is it on E0/0 or E0/1?
By default the Cisco ASA configures E0/0 as the outside interface, which is exposed to the internet and known as the unsecured zone (0%), and tagged as VLAN 2,
and E0/1 and the other ports are assigned to VLAN 2, and all of those interfaces belong to the inside interface, which in firewall terms is known as the secured zone (100%).
As I mentioned above, outside is 0% secure and inside is 100%; these are percentages. For example, you can ping from the inside interface to the outside interface and you'll get the reply, but you can't ping from outside to inside because the firewall will block it by default.
Now that you have understood the concept, we have to create a static route from your ASDM with source 0.0.0.0 and destination also 0.0.0.0, and the gateway has to be set as 192.168.10.1 if your computers are on interface e0/1.
Hope this will help you. Please reply with your update.
Thank you
Aadil
04-12-2009 10:24 PM
!
interface Ethernet0/0
nameif Internet
security-level 0
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1
nameif Local
security-level 1
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
nameif Local2
security-level 2
ip address 192.168.20.1 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
ip address 10.0.0.1 255.255.255.0
management-only
!
mtu Internet 1500
mtu Local 1500
mtu management 1500
mtu Local2 1500
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
nat (management) 0 0.0.0.0 0.0.0.0
route Internet 0.0.0.0 0.0.0.0 192.168.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username cisco password 3USUcOPFUiMCO4Jk encrypted
http server enable
http 192.168.1.0 255.255.255.0 Internet
http 192.168.10.0 255.255.255.0 Local
http 10.0.0.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.0 255.255.255.0 Internet
telnet 192.168.10.0 255.255.255.0 Local
telnet 10.0.0.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.10.10-192.168.10.20 Local
dhcpd address 10.0.0.10-10.0.0.20 management
dhcpd dns 202.188.0.133 202.188.1.5
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd domain 10.0.0.1
dhcpd auto_config management
dhcpd enable Local
dhcpd enable management
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
Cryptochecksum:ba81e7dc1530d31ed5c320621727f367
: end
ASA5510(config)# ping 192.168.20.1
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA5510(config)# ping 192.168.20.1
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA5510(config)# ping 202.188.0.133
Sending 5, 100-byte ICMP Echos to 202.188.0.133, timeout is 2 seconds:
No route to host 202.188.0.133
Success rate is 0 percent (0/1)
ASA5510(config)# sh route
S 192.168.0.0 255.255.0.0 [10/0] via 192.168.10.1, Internet
C 192.168.1.0 255.255.255.0 is directly connected, Internet
C 192.168.10.0 255.255.255.0 is directly connected, Local
C 192.168.20.0 255.255.255.0 is directly connected, Local2
ASA5510(config)# sh run
: Saved
:
ASA Version 7.0(7)
!
hostname ASA5510
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
multicast-routing
names
dns-guard
!
interface Ethernet0/0
nameif Internet
security-level 0
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1
nameif Local
security-level 1
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
nameif Local2
security-level 2
ip address 192.168.20.1 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
ip address 10.0.0.1 255.255.255.0
management-only
!
http server enable
http 192.168.1.0 255.255.255.0 Internet
http 192.168.10.0 255.255.255.0 Local
http 10.0.0.0 255.255.255.0 management
Thanks for the reply, but I cannot ping from network Local to network Local2 in the command prompt; I can only ping in HyperTerminal. Is there any command I have to add before I can ping?
04-13-2009 03:04 AM
Hi,
Which interface is your PC sitting behind?
If your PC is sitting behind Local2, then you have to replace the static route from
route Internet 0.0.0.0 0.0.0.0 192.168.10.1 1
to
route local2 0.0.0.0 0.0.0.0 192.168.10.1 1
and make sure, if you are connecting to the internet from the Internet interface, that you have enabled NAT on that interface.
Please let us know your update.
AADIL
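The security-level rule discussed in this thread can be checked mechanically against a saved configuration. The following is an added example, not part of any post above: it parses a trimmed copy of the posted configuration and reports which interface pairs are blocked by default, whether a route's next hop lies on the subnet of the interface it names, and whether management access is allowed on the lowest-security interface. The function names `parse`, `blocked_by_default` and `audit` are hypothetical.

```python
import ipaddress

# Constructed sample: trimmed copy of the configuration posted in the thread.
SAMPLE = """\
interface Ethernet0/0
 nameif Internet
 security-level 0
 ip address 192.168.1.1 255.255.255.0
interface Ethernet0/1
 nameif Local
 security-level 1
 ip address 192.168.10.1 255.255.255.0
interface Ethernet0/2
 nameif Local2
 security-level 2
 ip address 192.168.20.1 255.255.255.0
route Internet 0.0.0.0 0.0.0.0 192.168.10.1 1
telnet 192.168.1.0 255.255.255.0 Internet
"""

def parse(cfg):
    """Return ({nameif: {level, net}}, [(ifname, next_hop)], [(service, ifname)])."""
    ifaces, routes, mgmt, cur = {}, [], [], None
    for w in filter(None, map(str.split, cfg.splitlines())):
        if w[0] == "nameif":
            cur = ifaces.setdefault(w[1], {"level": 0, "net": None})
        elif w[0] == "security-level" and cur is not None:
            cur["level"] = int(w[1])
        elif w[:2] == ["ip", "address"] and cur is not None:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[0] == "route" and len(w) >= 5 and w[1] in ifaces:
            routes.append((w[1], ipaddress.ip_address(w[4])))
        elif w[0] in ("telnet", "http") and len(w) == 4 and w[3] in ifaces:
            mgmt.append((w[0], w[3]))
    return ifaces, routes, mgmt

def blocked_by_default(cfg, src, dst):
    """Lower-to-higher (or equal) security level needs explicit configuration."""
    lv = parse(cfg)[0]
    return lv[src]["level"] <= lv[dst]["level"]

def audit(cfg):
    ifaces, routes, mgmt = parse(cfg)
    lowest = min(i["level"] for i in ifaces.values())
    off_link = [f"route next hop {hop} is not on the {n} subnet"
                for n, hop in routes if hop not in (ifaces[n]["net"] or [])]
    exposed = [f"{svc} allowed on lowest-security interface {n}"
               for svc, n in mgmt if ifaces[n]["level"] == lowest]
    return off_link + exposed
```

With the posted security levels (Local 1, Local2 2), `blocked_by_default(SAMPLE, "Local", "Local2")` is true, so traffic initiated from Local toward Local2 needs an explicit access-list, while the reverse direction is allowed by default.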