help in ASA configuration

pawanharlecisco
Level 1

Hi,

Please go through my diagram. I want to assign the 10.34.249.34, 10.34.249.35 and 10.34.249.36 IP addresses directly to servers, and these servers would be accessible from the 20.20.20.20 HQ router.

And if a server wants to go to the internet, then it would use 192.168.100.1 (bsnl) to access the internet.

Please help me, I have not yet configured it.

Please help me.

Regards

Pawan

8 Replies

varrao
Level 10

Hi Pawan,

No issues with that, you would need the following config. Let's say the e0/2 interface is named "juniper", then:

Let's say you want to access the servers via their real IPs only:

static (inside,juniper) 10.34.249.34 10.34.249.34
static (inside,juniper) 10.34.249.35 10.34.249.35
static (inside,juniper) 10.34.249.36 10.34.249.36

and for internet access:

nat (inside) 1 10.34.249.0 255.255.255.0
global (bsnl) 1 interface

That's it,

-Varun

Thanks,
Varun Rao

Thanks sir.

Please tell me, what will the gateway of the server be?

The gateway for the server would be the ASA inside interface or, if the switch is an L3 switch, it would be the switch interface.

Hope this helps

Thanks,

-Varun

Thanks,
Varun Rao

Sir,

It is not working.

Server to juniper and juniper to server: shows request timed out.

Server to bsnl modem: shows request timed out.

Please find the config below and advise me.

Thanks

pawan

!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.168.100.200 255.255.255.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.5.1 255.255.255.0
!
interface Ethernet2
 nameif juniper
 security-level 0
 ip address 10.34.249.50 255.255.255.0
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list outside-in extended permit icmp any any
access-list outside-in extended permit ip any any
access-list 101 extended permit ip any host 10.34.249.35
pager lines 24
mtu outside 1500
mtu juniper 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 10.34.249.0 255.255.255.0
static (inside,juniper) 10.34.249.35 10.34.249.35 netmask 255.255.255.255
static (inside,juniper) 10.34.249.36 10.34.249.36 netmask 255.255.255.255
access-group outside-in in interface outside
access-group 101 in interface juniper
route outside 0.0.0.0 0.0.0.0 192.168.100.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!
prompt hostname context
Cryptochecksum:00000000000000000000000000000000
: end

Take captures for both traffic flows:

access-list cap permit ip host 10.34.249.35 host 192.168.100.1
access-list cap permit ip host 192.168.100.1 host 10.34.249.35
access-list cap permit ip host 192.168.100.1 host 192.168.100.200
access-list cap permit ip host 192.168.100.200 host 192.168.100.1
cap capo access-list cap interface outside
cap capin access-list cap interface inside

For server to inside, add the following:

global (juniper) 1 interface
access-list 101 extended permit icmp any any
access-list cap1 permit ip host 10.34.249.35 host 20.20.20.20
access-list cap1 permit ip host 20.20.20.20 host 10.34.249.35
access-list cap1 permit ip host 10.34.249.50 host 20.20.20.20
access-list cap1 permit ip host 20.20.20.20 host 10.34.249.50
cap capjun access-list cap1 interface juniper
cap capi access-list cap1 interface inside

After doing this config, initiate pings and then collect these captures.

Check the logs on the ASA to see why it is denying traffic.

https://supportforums.cisco.com/docs/DOC-17345#comment-8416

Thanks,

Varun

Thanks,
Varun Rao

ASA# sh capture
capture cap type raw-data [Capturing - 0 bytes]
capture capo type raw-data access-list cap interface outside [Capturing - 0 bytes]
capture capin type raw-data access-list cap interface inside [Capturing - 0 bytes]
capture capjun type raw-data access-list cap1 interface juniper [Capturing - 0 bytes]
capture capi type raw-data access-list cap1 interface inside [Capturing - 0 bytes]

Routes are:

ASA# route outside 0.0.0.0 0.0.0.0 192.168.100.1 1

Server# IP=10.34.249.35     DG gateway is: 192.168.5.1

juniper int 10.34.249.0 is directly connected to ASA e2 interface

Sir please help me.
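The posted running config and the server facts in the last post contain everything needed to check the 8.2-style NAT model offline. The script below is an added example, not code from this thread or from Cisco: it parses the interface, nat/global and static lines quoted above, then applies three consistency checks a practitioner would run before taking captures: every nat id has a global on each egress interface, the real address of each static lies on the real interface's subnet, and the server's default gateway is on-link. The /24 mask on the server is an assumption (the post does not state it), and the "clean" variant at the end is a constructed configuration that only illustrates what the checks accept, not a recommendation made in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed excerpt of the running config quoted in this thread: only the
# interface, nat/global/static and route lines matter for these checks.
ASA_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.168.100.200 255.255.255.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.5.1 255.255.255.0
interface Ethernet2
 nameif juniper
 security-level 0
 ip address 10.34.249.50 255.255.255.0
global (outside) 1 interface
nat (inside) 1 10.34.249.0 255.255.255.0
static (inside,juniper) 10.34.249.35 10.34.249.35 netmask 255.255.255.255
static (inside,juniper) 10.34.249.36 10.34.249.36 netmask 255.255.255.255
route outside 0.0.0.0 0.0.0.0 192.168.100.1 1
"""

# Same config plus the 'global (juniper) 1 interface' line suggested in the thread.
WITH_JUNIPER_GLOBAL = ASA_CONFIG + "global (juniper) 1 interface\n"

# Constructed variant (an assumption, not advice from the thread): servers sit on
# the inside subnet and are mapped to 10.34.249.x on the juniper side.
CLEAN_CONFIG = (
    WITH_JUNIPER_GLOBAL
    .replace("nat (inside) 1 10.34.249.0 255.255.255.0",
             "nat (inside) 1 192.168.5.0 255.255.255.0")
    .replace("10.34.249.35 10.34.249.35", "10.34.249.35 192.168.5.35")
    .replace("10.34.249.36 10.34.249.36", "10.34.249.36 192.168.5.36")
)


def parse_config(text):
    """Extract interfaces, nat/global pairs and static translations from a config."""
    interfaces = {}              # nameif -> IPv4Interface
    nat_ids = defaultdict(set)   # nat id -> source nameifs
    globals_ = defaultdict(set)  # nat id -> egress nameifs that have a global
    statics = []                 # (real_if, mapped_if, real_ip, mapped_ip)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = {}
        elif line.startswith("nameif ") and current is not None:
            current["name"] = line.split()[1]
        elif line.startswith("ip address ") and current and "name" in current:
            _, _, ip, mask = line.split()
            interfaces[current["name"]] = ipaddress.ip_interface(f"{ip}/{mask}")
        elif line.startswith("nat ("):
            m = re.match(r"nat \((\S+)\) (\d+) ", line)
            nat_ids[int(m.group(2))].add(m.group(1))
        elif line.startswith("global ("):
            m = re.match(r"global \((\S+)\) (\d+)", line)
            globals_[int(m.group(2))].add(m.group(1))
        elif line.startswith("static ("):
            # 8.2 syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip
            m = re.match(r"static \((\S+),(\S+)\) (\S+) (\S+)", line)
            statics.append((m.group(1), m.group(2),
                            ipaddress.ip_address(m.group(4)),
                            ipaddress.ip_address(m.group(3))))
    return interfaces, nat_ids, globals_, statics


def audit(config_text, server_ip, server_mask, server_gateway):
    """Return human-readable findings; an empty list means every check passed."""
    interfaces, nat_ids, globals_, statics = parse_config(config_text)
    findings = []
    # 1. A nat id needs a global on every egress interface, otherwise hosts not
    #    covered by a static are dropped with a "no translation group" error.
    for nat_id, sources in nat_ids.items():
        for egress in sorted(interfaces):
            if egress in sources or egress in globals_[nat_id]:
                continue
            findings.append(f"nat id {nat_id} from {sorted(sources)}: "
                            f"no 'global ({egress}) {nat_id}'")
    # 2. The real address of a static must lie on the real interface's subnet,
    #    or the ASA can never reach the host there.
    for real_if, mapped_if, real_ip, _mapped in statics:
        net = interfaces[real_if].network
        if real_ip not in net:
            findings.append(f"static ({real_if},{mapped_if}): "
                            f"real host {real_ip} is not in {net}")
    # 3. The server's default gateway must be on-link for its own address/mask.
    host = ipaddress.ip_interface(f"{server_ip}/{server_mask}")
    if ipaddress.ip_address(server_gateway) not in host.network:
        findings.append(f"server {host.with_prefixlen}: "
                        f"gateway {server_gateway} is not on-link")
    return findings


if __name__ == "__main__":
    # Server facts from the last post; the /24 mask is assumed.
    for label, cfg in [("posted config", ASA_CONFIG),
                       ("with global (juniper)", WITH_JUNIPER_GLOBAL)]:
        print(f"== {label}")
        for finding in audit(cfg, "10.34.249.35", "255.255.255.0", "192.168.5.1"):
            print("  ", finding)
    print("== clean variant:", audit(CLEAN_CONFIG, "192.168.5.35", "255.255.255.0", "192.168.5.1"))
```

Run against the posted config, the audit reports four findings: the missing global on juniper for nat id 1, both static real addresses (10.34.249.35 and .36) outside the inside subnet 192.168.5.0/24, and a server gateway of 192.168.5.1 that is not on-link for a 10.34.249.35/24 host. Adding the suggested `global (juniper) 1 interface` line clears the first finding only; the constructed clean variant clears all of them.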
