12-24-2022 06:10 AM - edited 12-24-2022 06:12 AM
Hi there
I built a network in Packet Tracer with two computers, one router and one firewall.
But unfortunately, I am not able to ping from the first computer to the second computer.
Between the first computer and the firewall, there is a "192.168.3.0/24" network.
Between the firewall and the router, there is a "209.165.200.224/30" network,
and between the router and the second computer, there is a "209.165.201.0/24" network.
I assigned both PCs a static IP address:
The first PC has the following static IP address: "192.168.3.3"
and the second PC has the following static IP address: "209.165.201.254"
I defined a route on the firewall with the following command:
route outside 0.0.0.0 0.0.0.0 209.165.200.225
And I also defined a NAT on the firewall with the following commands:
object network INSIDE
 subnet 192.168.3.0 255.255.255.0
 nat (inside,outside) dynamic interface
And I also created a rule on the firewall to let ICMP get through.
class-map inspection_default
 match default-inspection-traffic
 exit
policy-map global_policy
 class inspection_default
  inspect icmp
  exit
service-policy global_policy global
The output of the "show run" command on the firewall looks as follows:
: Saved
:
ASA Version 9.6(1)
!
hostname ciscoasa
names
!
interface GigabitEthernet1/1
 nameif inside
 security-level 100
 ip address 192.168.3.2 255.255.255.0
!
interface GigabitEthernet1/2
 nameif outside
 security-level 0
 ip address 209.165.200.226 255.255.255.252
!
interface GigabitEthernet1/3
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/4
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/5
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/6
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/7
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/8
 no nameif
 no security-level
 no ip address
 shutdown
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
 shutdown
!
object network INSIDE
 subnet 192.168.3.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
route outside 0.0.0.0 0.0.0.0 209.165.200.225 1
!
!
!
!
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect tftp
!
service-policy global_policy global
!
telnet timeout 5
ssh timeout 5
!
!
!
!
And the output of the "show run" command on the router looks as follows:
Building configuration...
Current configuration : 723 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX1524CEV3-
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 209.165.200.225 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 209.165.201.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end
Thank you very much in advance
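
A check for the firewall output above, as an added example that is not part of the original post: it parses the policy section of an ASA "show run" and lists the inspect engines that were entered at the prompt but are absent from the running configuration. The excerpt is copied from the post's firewall output; the names RUNNING_CONFIG, INTENDED, parse_inspections and missing_inspections are assumptions of this example.

```python
# Policy section copied from the firewall "show run" in the post; parsing is keyword-based.
RUNNING_CONFIG = """\
class-map inspection_default
match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect tftp
!
service-policy global_policy global
"""

INTENDED = {("global_policy", "inspection_default"): ["icmp"]}  # entered in the post


def parse_inspections(config):
    """Return {(policy_map, class_name): [inspect engines]} from ASA config text."""
    result, policy, cls = {}, None, None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        if words[0] == "policy-map":
            # "policy-map type inspect ..." defines an inspection map, not a policy.
            policy, cls = (None if words[1] == "type" else words[1]), None
        elif words[0] == "class" and policy:
            cls = words[1]
            result.setdefault((policy, cls), [])
        elif words[0] == "inspect" and cls:
            result[(policy, cls)].append(words[1])
        elif words[0] not in ("match", "parameters", "message-length"):
            policy, cls = None, None  # any other command closes the block
    return result


def missing_inspections(config, intended):
    """Return the intended engines that the running config does not contain."""
    running = parse_inspections(config)
    return {key: [e for e in engines if e not in running.get(key, [])]
            for key, engines in intended.items()}


if __name__ == "__main__":
    print(missing_inspections(RUNNING_CONFIG, INTENDED))
```
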