Basic Network with Firewall

cyberWolf
Level 1

Hi, good day,

Hoping that someone can advise me why I cannot ping the router from inside the firewall. I have this basic network with end devices inside the firewall that is connected to a switch. I was able to ping all the devices inside the firewall from one another, but when I try to ping the router, which is outside the firewall, I receive no reply. (Is this normal if I am using a firewall?)

Then I tried to ping the router from the firewall, which is connected to another switch that connects the firewall and the router on the outside, and I received a successful reply. But from the router to the end devices inside the firewall, and vice versa from an end device to the firewall, the ping fails.

Accepted Solutions

Hello,

the router has no routing, and the firewall needs to allow ICMP. Add the lines marked in bold:

ciscoasa#sh run
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 172.16.1.100 255.255.255.0
!
--> access-list ICMP extended permit icmp any any
!
--> access-group ICMP in interface outside
!
telnet timeout 5
ssh timeout 5
!
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.36 inside
dhcpd enable inside
!
ciscoasa#

Router#sh run
Building configuration...

Current configuration : 651 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
license udi pid CISCO1941/K9 sn FTX1524Q9Z1-
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
--> ip route 0.0.0.0 0.0.0.0 172.16.1.100
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
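
An added example, not part of the original answer or of any Cisco documentation: the rule `permit icmp any any` applied inbound on the outside interface admits every ICMP type from any outside source, including echo requests aimed at inside hosts. The fragment below sets that rule beside two narrower alternatives that still let replies return for pings started from the inside; the ACL name OUTSIDE-IN is hypothetical, and whether a simulated ASA accepts these commands is an assumption.

```cisco
! Added example (not from the original post). OUTSIDE-IN is a hypothetical name.
! Options A and B are alternatives; an interface takes one inbound ACL at a time.
!
! As posted in the answer: all ICMP types from any outside source are admitted.
access-list ICMP extended permit icmp any any
access-group ICMP in interface outside
!
! Option A: have the ASA track ICMP statefully, so an echo reply that matches
! an inside-initiated echo request returns without any outside ACL entry.
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect icmp
service-policy global_policy global
!
! Option B: keep an outside ACL, but admit only reply and error message types.
access-list OUTSIDE-IN extended permit icmp any any echo-reply
access-list OUTSIDE-IN extended permit icmp any any time-exceeded
access-list OUTSIDE-IN extended permit icmp any any unreachable
access-group OUTSIDE-IN in interface outside
```

With either option, a ping started from the router toward an inside host is still dropped; only the broader rule from the answer permits that direction. The router's default route from the answer is needed in every case so that replies to 192.168.1.0/24 have a path back.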

Hi @Georg Pauwen

Thank you for the help. I will then proceed with the basic configuration of each device and be able to complete the activity.

Thank you