Solved: why is my web server unable to ping my HQ through firewall.Please help me, my hair is dropping off..

lightning668 · ‎12-19-2020

Hi guys, my webserver IP address is 10.0.0.114. I've configured my g1/1 nameif as outside and g1/2 nameif as inside, objects network and access-list to permit over port 443. however, it seems like it just can't ping from HQ to the web server. neither can web server ping HQ.

Georg Pauwen · ‎12-20-2020

What are the username/password combinations for the routers ?

Change the IP addresses of the link between the ASA outside interface and the HQ to something other than the 10 subnet, e.g.:

ASA

interface GigabitEthernet1/2
nameif outside
security-level 0
ip address 209.12.12.2 255.255.255.252
!
route outside 0.0.0.0 0.0.0.0 209.12.12.1 1

HQ Router

interface FastEthernet0/0
ip address 209.12.12.1 255.255.255.252

View solution in original post

Georg Pauwen · ‎12-21-2020

Hello,

for some reason, the ASA does not work when you use the same classfull network on the inside and on the network on the outside.

I changed the IP address of GigabitEthernet1/1 to 192.168.10.0/24, at least the PC2 on the very right can now ping the laptop on the very top left. I also added a 'default-infornation originate' to the OSPF process on the HQ router.

Attached the revised file.

View solution in original post

Georg Pauwen · ‎12-19-2020

Hello,

do you have the below configured on the firewall:

class-map inspection_default
match default-inspection-traffic
!
policy-map global_policy
class inspection_default
inspect icmp
!
service-policy global_policy global

If it still does not work after adding this, post the zipped Packet Tracer project (.pkt) file.

lightning668 · ‎12-20-2020

it still doesn't work, below is my vlsm table and pkt file

Georg Pauwen · ‎12-20-2020

What are the username/password combinations for the routers ?

Change the IP addresses of the link between the ASA outside interface and the HQ to something other than the 10 subnet, e.g.:

ASA

interface GigabitEthernet1/2
nameif outside
security-level 0
ip address 209.12.12.2 255.255.255.252
!
route outside 0.0.0.0 0.0.0.0 209.12.12.1 1

HQ Router

interface FastEthernet0/0
ip address 209.12.12.1 255.255.255.252

lightning668 · ‎12-20-2020

Username for routers is cisco password is cisco . for the firewall, there is no password configured. I tried to change the link between the ASA outside interface and the HQ to 209 address but it still doesn't seem to be working

Georg Pauwen · ‎12-21-2020

Hello,

for some reason, the ASA does not work when you use the same classfull network on the inside and on the network on the outside.

I changed the IP address of GigabitEthernet1/1 to 192.168.10.0/24, at least the PC2 on the very right can now ping the laptop on the very top left. I also added a 'default-infornation originate' to the OSPF process on the HQ router.

Attached the revised file.

ejerhf · ‎10-27-2021

The brand new one has USB easy to get better, so we aren't certain earlier than cautioned what steps to observe. That is the cause requested what model you are applying on your page as you are telling about your wigs product. Desirable to recognize you looked after.

Georg Pauwen · ‎10-27-2021

Hello,

what are you saying, what is your issue ?