06-08-2007 11:31 AM - edited 03-11-2019 03:27 AM
We have a network in another state with subnets 192.168.50.0, 192.168.51.0 and 192.168.52.0.
I am trying to allow them to talk to the network we set up with the ASA device.
I am unable to get the 10.10.11.0 subnet to talk to the 192.168.50.0, 192.168.51.0 and 192.168.52.0 subnets.
I added one other interface to the ASA device and plugged it in, but we are receiving no packets on ethernet 0/2.
Please let me know how we can get it to work properly.
Below is the config file:
hostname xxxx
enable password xxxxxxxxxxx encrypted
names
dns-guard
!
interface Ethernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 192.168.1.xx 255.255.255.0
!
interface Ethernet0/1
speed 100
duplex full
nameif inside
security-level 100
ip address 10.10.11.xx 255.255.255.0
!
interface Ethernet0/2
speed 100
duplex full
nameif PA
security-level 100
ip address 192.168.50.xxx 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
passwd 5wyJZrN0zZZDiHA6 encrypted
ftp mode passive
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu PA 1500
no failover
no asdm history enable
arp timeout 14400
static (inside,outside) 10.10.11.0 10.10.11.0 netmask 255.255.255.255
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 outside
ssh timeout 60
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
Cryptochecksum:4cd1c11a4e23d4d92ee4ba115255a97a
06-08-2007 11:34 AM
Since the interfaces are the same security level (100), you need:
same-security-traffic permit inter-interface
Please rate if this helps.
06-08-2007 11:45 AM
Thanks. All I need to do is enter this command and the traffic will be allowed?
06-08-2007 11:47 AM
Since the security levels are the same there is no need for access lists.
06-08-2007 11:51 AM
Thanks, I'll add that line when I get to the office.
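An added example, not part of the original thread and not Cisco's code: a small Python check that reads an ASA configuration and lists the named interface pairs that share a security level while `same-security-traffic permit inter-interface` is absent, which is the condition the reply above points to. The sample configuration is constructed (reduced from the one posted in the question), and the function names are hypothetical.

```python
import re
from itertools import combinations

# Constructed sample, reduced from the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
!
interface Ethernet0/1
 nameif inside
 security-level 100
!
interface Ethernet0/2
 nameif PA
 security-level 100
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
!
"""

PERMIT = "same-security-traffic permit inter-interface"

def parse_interfaces(config):
    """Return {nameif: security_level} for every named interface."""
    levels, name, level = {}, None, None
    for raw in config.splitlines() + ["!"]:
        line = raw.strip()
        if line.startswith("interface ") or line == "!":
            # End of the previous interface block: record it if complete.
            if name is not None and level is not None:
                levels[name] = level
            name, level = None, None
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"security-level (\d+)", line):
            level = int(m.group(1))
    return levels

def blocked_pairs(config):
    """Pairs of interfaces at equal security level with no inter-interface permit."""
    if any(line.strip() == PERMIT for line in config.splitlines()):
        return []
    levels = parse_interfaces(config)
    return [(a, b) for a, b in combinations(sorted(levels), 2)
            if levels[a] == levels[b]]

if __name__ == "__main__":
    print(blocked_pairs(SAMPLE_CONFIG))
```
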