
ASA Firewalls

Shuffle
Level 1

Hello,

Needing help as my CBR LAN is unable to ping my AUS DMZ. I notice the ASA firewall can ping the DMZ, but it can't ping the LAN. I'm not finished with my network, so in the VLSM table I provide many things that are not included in the Packet Tracer file. SYD and MELB should be able to ping the DMZ in Canberra, but should not be able to ping any LANs.

PKT: https://drive.google.com/file/d/1Q9sjc2aubDlSUs0GpB2izWG8ICG_vaEi/view?usp=sharing

 

| Subnet Description | Public Network Address | Number of Host created | Subnet Mask | 1st Public Usable Host Address | last Public Usable Host Address | Broadcast |
|---|---|---|---|---|---|---|
| Headquarters (CBR) | 128.0.0.0 | 1022 | 255.255.252.0 | 128.0.0.1 | 128.0.3.254 | 128.0.3.255 |
| Branch Office (SYD) | 128.0.4.0 | 510 | 255.255.254.0 | 128.0.4.1 | 128.0.5.254 | 128.0.5.255 |
| Branch Office (MEL) | 128.0.6.0 | 510 | 255.255.254.0 | 128.0.6.1 | 128.0.7.254 | 128.0.7.255 |
| Branch Office (LDN) | 128.0.8.0 | 510 | 255.255.254.0 | 128.0.8.1 | 128.0.9.254 | 128.0.9.255 |
| Branch Office (NY) | 128.0.10.0 | 510 | 255.255.254.0 | 128.0.10.1 | 128.0.11.254 | 128.0.11.255 |
| Admin (CBR) | 128.0.12.0 | 126 | 255.255.255.128 | 128.0.12.1 | 128.0.12.126 | 128.0.12.127 |
| Admin (SYD) | 128.0.12.128 | 126 | 255.255.255.128 | 128.0.12.129 | 128.0.12.254 | 128.0.12.255 |
| Admin (MELB) | 128.0.13.0 | 126 | 255.255.255.128 | 128.0.13.1 | 128.0.13.126 | 128.0.13.127 |
| Admin (LDN) | 128.0.13.128 | 126 | 255.255.255.128 | 128.0.13.129 | 128.0.13.254 | 128.0.13.255 |
| Admin (NY) | 128.0.14.0 | 126 | 255.255.255.128 | 128.0.14.1 | 128.0.14.126 | 128.0.14.127 |
| Reception (AU) | 128.0.14.128 | 62 | 255.255.255.192 | 128.0.14.129 | 128.0.14.190 | 128.0.14.191 |
| Reception (SYD) | 128.0.14.192 | 62 | 255.255.255.192 | 128.0.14.193 | 128.0.14.254 | 128.0.14.255 |
| Reception (MELB) | 128.0.15.0 | 62 | 255.255.255.192 | 128.0.15.1 | 128.0.15.62 | 128.0.15.63 |
| Reception (LDN) | 128.0.15.64 | 62 | 255.255.255.192 | 128.0.15.65 | 128.0.15.126 | 128.0.15.127 |
| Reception (NY) | 128.0.15.128 | 62 | 255.255.255.192 | 128.0.15.129 | 128.0.15.190 | 128.0.15.191 |
| DMZ (AU) | 128.0.15.192 | 62 | 255.255.255.192 | 128.0.15.193 | 128.0.15.254 | 128.0.15.255 |
| DMZ (LDN) | 128.0.16.0 | 62 | 255.255.255.192 | 128.0.16.1 | 128.0.16.62 | 128.0.16.63 |
| DMZ (NY) | 128.0.16.64 | 62 | 255.255.255.192 | 128.0.16.65 | 128.0.16.126 | 128.0.16.127 |
| ASA/Firewall | 128.0.16.128 | 62 | 255.255.255.192 | 128.0.16.129 | 128.0.16.190 | 128.0.16.191 |

1 Reply

Hi @Shuffle 

I have focused on fixing the problem "Needing help as my CBR LAN is unable to ping my AUS DMZ". I did not look at anything else.

The problem "Needing help as my CBR LAN is unable to ping my AUS DMZ" was related to the DHCP server on the ASA.

It seems the ASA was acting weird with the DHCP server enabled, not replying to pings and not pinging anything.

I came up with a different topology, as you can see in the attached file. I added a DHCP server and a router on the LAN. The reason is to let the ASA do what a firewall is supposed to do: filter. And the router is responsible for routing. I also broke up your departments into different VLANs with different network segments, and each department gets its own IP range.

 

Take a look at the file.