08-02-2020 06:42 PM
Hi everyone,
I have this basic scenario:
(LAN) --------- (ASA) ---------- (DSL Router) ---------- (Internet)
I am able to ping the DSL Router from the LAN but not vice versa. Is it a common case with the ASA deployed in between or am I missing something?
I have an explicitly written extended ACL to permit ip any any.
Any thoughts shared are appreciated, thank you.
05-12-2024 07:26 AM
Please help me, I am a student at a university of science in Vietnam. I have a problem with pinging through the ASA. I cannot ping from PC2 on the outside to 4.0.0.1 in the DMZ or 8.0.0.1 on the inside, although I can ping from the DMZ via inside. I can also ping from the DMZ and inside to google successfully. I think the problem is related to setting up NAT from the outside in.
ASA:
ena
conf t
hostname Asa1
int g0/6
nameif inside1
security-level 100
ip add dhcp
no shut
username thien password 123 privilege 15
http server enable
http 0 0 inside1
exit
int g0/1
nameif DMZ
security-level 50
ip add 4.0.0.254 255.0.0.0
no shut
exit
int g0/2
nameif inside
security-level 100
ip add 8.0.0.254 255.0.0.0
no shut
exit
int g0/0
nameif outside
security-level 0
ip add 3.0.0.254 255.0.0.0
no shut
exit
int g0/3
nameif winter
security-level 50
ip add 9.0.0.254 255.0.0.0
no shut
exit
--------------------------------------------DMZ
object network LAN_DMZ
host 4.0.0.1
nat (DMZ,outside) static 3.0.0.10
exit
object network OUT
host 4.0.0.1
nat (DMZ,winter) static 9.0.0.10
exit
object network LAN_INSIDE
host 8.0.0.1
nat (inside,outside) static 3.0.0.10
exit
route outside 0.0.0.0 0.0.0.0 3.0.0.2
object network OUT_DMZ
no subnet 3.0.0.0 255.0.0.0
--------------------------------------------------------Conf domain
dns domain-lookup outside
dns server-group DefaultDNS
name-server 192.168.27.2
name-server 8.8.8.8
domain-name google.com
exit
--------------------------------------------------------not needed to ping google
class-map inspection_default
match default-inspection-traffic
exit
policy-map global_policy
class inspection_default
inspect icmp
inspect icmp error
exit
service-policy global_policy global
--------------------------------------------------------------------------
access-list PING extended permit ip any any
access-list PING extended permit icmp any any
access-list PING extended permit tcp any any
access-group PING in interface outside
access-list dmz extended permit ip any any
access-list dmz extended permit icmp any any
access-list dmz extended permit tcp any any
access-group dmz in interface DMZ
R2
ena
conf t
int f1/0
ip add 2.0.0.2 255.0.0.0
no shut
int f0/1
ip dhcp
no shut
int s3/0
ip add 5.0.0.2 255.0.0.0
no shut
int f0/0
ip add 3.0.0.2 255.0.0.0
no shut
int f4/0
ip add 4.0.0.2 255.0.0.0
no shut
username thien password 123
ip domain-name thien.vn
enable password 123
line vty 0 4
login local
transport input ssh
exit
ip ssh version 2
crypto key generate rsa
1024
router ospf 1
router-id 2.2.2.2
net 2.0.0.0 0.255.255.255 area 0
net 5.0.0.0 0.255.255.255 area 0
net 3.0.0.0 0.255.255.255 area 0
net 4.0.0.0 0.255.255.255 area 0
default-information originate
exit
interface Loopback0
ip add 10.10.2.1 255.255.255.0
exit
---------------------------------
ip name-server 192.168.27.2
ip name-server 8.8.8.8
ip domain lookup
DMZ
ena
conf t
int f0/1
ip add 4.0.0.1 255.0.0.0
no shut
ip route 0.0.0.0 0.0.0.0 3.0.0.254
username thien password 123
ip domain-name thien.vn
enable password 123
line vty 0 4
login local
transport input ssh
exit
ip ssh version 2
crypto key generate rsa
1024
ip name-server 192.168.27.2
ip name-server 8.8.8.8
ip domain lookup
SERVER:
ena
conf t
int f0/0
ip add 8.0.0.1 255.0.0.0
no shut
exit
ip route 0.0.0.0 0.0.0.0 8.0.0.254
username thien password 123
enable password 123
ip domain name thien.vn
line vty 0 4
login local
transport input ssh
exit
ip ssh version 2
crypto key generate rsa
1024
ip name-server 192.168.27.2
ip domain lookup
ip name-server 8.8.8.8
05-12-2024 07:30 AM
Make a new post, it is better.
MHM