04-18-2012 08:18 AM - edited 03-11-2019 03:55 PM
hello for best fourms and all members
i bought cisco asa 5540
i have cisco router 2811 with static ip
XX.xx.XX.x/30
and make nat to conected to internet pat nat
and have
XX.xx.XX.x/29 for exchange server
lan ---- asa---router ---internet
i want to confiure asa behind router
i mean leave all configure on cisco router
when i make out side and inside lan all is ok
but all pc conected on inside interface of asa 5540 cannot access to internet
and also cannot ping from pc ip on interface outside i permet icmp in servise poilcy and incpection icmp
but i mean no conection not ping only
can any one help me in this
i configured cisco asa 5540
and i can ping 4.4.4.4
and replay me
but i cannot access to internet from pc conected to lan
and i can ping interface router conected by asa ip 192.168.193.2 but i cannot ping interfce asa 192.168.193.3
this my configuration
-----
config t
interfce g0/0
nameif outside
ip address 192.168.193.3 255.255.255.0
no sh
interface g0/1
nameif inside
ip add 192.168.191.1 255.255.255.0
no sh
--
nat
nat (inside) 1 192.168.191.1 255.255.255.0
global (outside) 1 interface
no nat-control
hostname Global-Firewall
domain-name GlobalInvestment
fixup protocol dns maximum-length 512 fixup protocol ftp 21
fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
exit
http server enable
username cisco password cisco privliged 15
http 0.0.0.0 0.0.0.0 inside
route outside 0.0.0.0 0.0.0.0 192.168.193.2
link digram by paket tracer
http://www.mediafire.com/?4xo3z2goszogcf1
king regards config t
interfce g0/0
nameif outside
ip address 192.168.193.3 255.255.255.0
no sh
interface g0/1
nameif inside
ip add 192.168.191.1 255.255.255.0
no sh
--
nat
nat (inside) 1 192.168.191.1 255.255.255.0
global (outside) 1 interface
no nat-control
hostname Global-Firewall
domain-name GlobalInvestment
fixup protocol dns maximum-length 512 fixup protocol ftp 21
fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
exit
http server enable
username cisco password cisco privliged 15
http 0.0.0.0 0.0.0.0 inside
route outside 0.0.0.0 0.0.0.0 192.168.193.2
link digram by paket tracer
http://www.mediafire.com/?4xo3z2goszogcf1
king regards
04-18-2012 08:52 AM
Hi,
Seems your ASAs outside interface IP address is from private IP address range.
This needs to be public IP address range also as the hosts behind the ASA will use the interface IP address to connect to Internet and the current IP address isnt routable in Internet as its a private address.
You must either have 2 public IP address ranges.
Or you would have to do NAT on the router before the traffic goes to public network.
I'm not sure if I understood the setup correctly
Also seems strange that your configuration includes "fixups" configurations lines. To my understanding those are only for series 6.x software and any ASA would already come with a minimum of series 7.x software.
- Jouni
04-18-2012 09:10 AM
thanks for replay me
i have puplic ip on router
and before install asa all lan work to internet no problems with it
and rouer have nating
and ip nat inside is 192.168.193.0/24
ip puplic is 84.253.40.0/30
84.253.41.0/29 for exchange server and allow port 25
i put asa after router and inteface outside i put it 192.168.193.3/24 ---------192.168.193.2/24 for router
and inside i change subnet to 192.168.191.1/24
and i try to conect to internet but no ping no browese no internet
i try to but nating in configration but i think configration missed access-list or something wrong
wait for help
best regards
04-18-2012 11:12 AM
Hi Mohammad,
This is not the complete configration, can you provide the output of "show running-config" from the ASA??
Thanks,
Varun
04-18-2012 11:27 AM
can you please give me runing config for my senaro
full configration
lan--- asa ---- router----internet
i just wana lan access to internet
and send and recive exchange mail server
i want fully runing -confige for this lab
can any one help me
best regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide