
Firewall configuration packet tracer

networkjock
Level 1

Hi,

 

I want to connect two LAN networks through an ASA firewall, allowing a host on one network to ping a host on the other and allowing all mail and web traffic between the two networks. How do I set up the firewall configuration to allow traffic both in and out of both LANs?

 

Please can you help!?

 

Thanks

13 Replies

Hello,

 

post your zipped .pkt file...

Attached file to zip

Hello,

 

this is the file that I sent you. What is not working? You have to wait for a few minutes after opening the file in order for everything to converge.

 

I can ping 192.168.10.2 and 192.168.10.3 from 192.168.30.2 (the PC)...

Sorry attached the wrong file

Hello,

 

there is no ASA in the project you have attached... what is the objective?

I would like to add an ASA firewall between the two networks, HQ and Branch. I would still like to be able to send/receive emails and access the web server from all end-point devices.

I cannot edit the devices, configs are locked. Try to put the firewall in between the routers and use the config below. Make sure to configure the corresponding router interfaces with the next hop IP addresses that the firewall uses for the static routes. On the router, configure static default routes pointing to the firewall's corresponding interface.

 

In Packet Tracer, use the ASA5506-X, not the 5505.

 

ASA Version 9.6(1)
!
hostname ciscoasa
names
!
interface GigabitEthernet1/1
 description Link to AKCBranchRouter
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet1/2
 description Link to AKCHQRouter
 nameif outside
 security-level 0
 ip address 192.168.1.1 255.255.255.0
!
route outside 10.0.0.0 255.0.0.0 192.168.1.2
route inside 30.0.0.0 255.0.0.0 192.168.0.2
!
access-list ICMP_HTTP_SMTP_POP3 extended permit icmp any any echo-reply
access-list ICMP_HTTP_SMTP_POP3 extended permit tcp any any eq www
access-list ICMP_HTTP_SMTP_POP3 extended permit tcp any any eq pop3
access-list ICMP_HTTP_SMTP_POP3 extended permit tcp any any eq smtp
access-list ICMP_HTTP_SMTP_POP3 extended permit icmp any any echo
!
access-group ICMP_HTTP_SMTP_POP3 in interface outside
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect dns
  inspect http
  inspect icmp
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
!
service-policy global_policy global
!
telnet timeout 5
ssh timeout 5

I have tried the config suggested but I am still finding difficulties. I have attached the file below

Hello,

 

I still cannot access the routers, can you either grant access or post the running configs of both routers?

The routing on your firewall is incorrect:

 

route outside 10.0.0.0 255.255.255.0 192.168.1.2 1
route outside 30.0.0.0 255.255.255.0 192.168.0.2 1

 

needs to be:

 

route outside 10.0.0.0 255.255.255.0 192.168.1.2 1
route inside 30.0.0.0 255.255.255.0 192.168.0.2 1
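
As an added example (not part of the original thread), a small Python check for the mistake corrected in the post above: a static route bound to an interface whose connected subnet does not contain the next hop. The sample input is constructed from the interface addresses in the config suggested earlier in the thread and the two route lines quoted as incorrect; `lint_routes` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample: interface addressing from the config suggested earlier in
# the thread, plus the two route lines the post above quotes as incorrect.
SAMPLE = """\
interface GigabitEthernet1/1
 nameif inside
 ip address 192.168.0.1 255.255.255.0
interface GigabitEthernet1/2
 nameif outside
 ip address 192.168.1.1 255.255.255.0
route outside 10.0.0.0 255.255.255.0 192.168.1.2 1
route outside 30.0.0.0 255.255.255.0 192.168.0.2 1
"""

def lint_routes(config):
    """Return (route_line, problem) for each static route that cannot work."""
    subnets, nameif, problems = {}, None, []
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            nameif = None                      # a new interface stanza begins
        elif w[:1] == ["nameif"] and len(w) > 1:
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and nameif and len(w) >= 4:
            subnets[nameif] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
    for line in config.splitlines():
        w = line.split()
        if len(w) < 5 or w[0] != "route":
            continue
        ifname, dest, mask, hop = w[1:5]
        try:
            ipaddress.ip_network(f"{dest}/{mask}")   # rejects malformed masks
            hop_ip = ipaddress.ip_address(hop)
        except ValueError as exc:
            problems.append((line.strip(), f"invalid address or mask: {exc}"))
            continue
        if ifname not in subnets:
            problems.append((line.strip(), f"no interface with nameif '{ifname}'"))
        elif hop_ip not in subnets[ifname]:
            right = [n for n, net in subnets.items() if hop_ip in net]
            hint = f"; that address is on '{right[0]}'" if right else ""
            problems.append((line.strip(),
                             f"next hop {hop} is not on '{ifname}' {subnets[ifname]}{hint}"))
    return problems

if __name__ == "__main__":
    for route, problem in lint_routes(SAMPLE):
        print(f"{route}\n  -> {problem}")
```

The same check also flags a route whose mask is not a valid dotted-quad, since `ipaddress` refuses to parse it.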

Hello,

 

make sure that on your routers, the below is configured:

 

AKCBranchRouter

 

ip route 0.0.0.0 0.0.0.0 192.168.0.1

 

AKCHQRouter

 

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Here is a working config for the ASA5506-X in Packet Tracer. I have also included the zipped project file...

 

ASA Version 9.6(1)
!
hostname ciscoasa
names
!
interface GigabitEthernet1/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet1/2
 nameif outside
 security-level 0
 ip address 192.168.20.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 192.168.20.2 1
!
access-list ICMP_HTTP_SMTP_POP3 extended permit icmp any any echo-reply
access-list ICMP_HTTP_SMTP_POP3 extended permit tcp any any eq www
access-list ICMP_HTTP_SMTP_POP3 extended permit tcp any any eq pop3
access-list ICMP_HTTP_SMTP_POP3 extended permit tcp any any eq smtp
access-list ICMP_HTTP_SMTP_POP3 extended permit icmp any any echo
!
access-group ICMP_HTTP_SMTP_POP3 in interface outside
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect dns
  inspect http
  inspect icmp
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
!
service-policy global_policy global
!
telnet timeout 5
ssh timeout 5
!
ciscoasa#

Hello,

 

I'm experiencing the same issues myself, may I DM you?

 

Thanks!