Re: Cisco ASA configration

AmitBokade8335 · ‎07-23-2019

I want to connect to a Database server(10.145.11.151 255.255.255.192) on the outside interface, which is connected to our plant wide network and assinged an IP (10.145.53.98 255.255.255.192) via DHCP , from my Inside network (10.123.48.0/24). But i am having problems doing the same and I have some following question.

1. Since my outside interface is not connected directly to the database server (Tracert command shows 3 hops from my outside interface as shown below)

C:\Users\admin>tracert 10.145.11.151

Tracing route to INCOS-30 [10.145.11.151]
over a maximum of 30 hops:

1 144 ms 6 ms 1 ms 10.145.53.65
2 <1 ms <1 ms <1 ms 10.40.1.3
3 <1 ms 1 ms 1 ms INCOS-30 [10.145.11.151]

Now how do i set route for my outside interface to the database server??

2. Do i need to set the path only for next hop i.e 10.145.53.65 or i need to configure the entire path to database server??

Georg Pauwen · ‎07-23-2019

Hello,

if you add the keyword 'setroute' to the outside interface IP address assignment, that would automatically create a default route. You don't need anything else.

interface GigabitEthernet0/0

nameif outside

security-level 0

ip address dhcp setroute

AmitBokade8335 · ‎07-23-2019

One more thing , how to configure NAT when mapped interface address is dynamically assinged??

Georg Pauwen · ‎07-24-2019

Hello,

below is a example:

interface gigabitethernet1/1
nameif outside
security-level 0
ip address dhcp setroute
no shutdown
!
interface gigabitethernet1/2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
no shutdown
!
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0

AmitBokade8335 · ‎07-26-2019

config is still not working , i have attached a graphic showing my network config. i want to be able to ping my host on outside network from host on my inside network. As i have understood so far i have broken down the config to 4 parts

1. Configuration for inside and outside interface with IP and mask as soon in the graphic

2.configure NAT for inside address translation

3. configure ACL for allowing traffic from outside to inside interface

4. configuring a static route to route all outside interface traffic through gateway 10.145.53.65

I have done all the required configuration but still no success.

AmitBokade8335 · ‎07-26-2019

One more thing , i am able to ping the default gateway via console but not through ping from CMD , Why is this happening??

Georg Pauwen · ‎07-27-2019

Hello,

post the full running configuration of your ASA...

AmitBokade8335 · ‎07-28-2019

Thank you all for support , I have sorted out the configuration now.

Must say Debug IP command is useful for knowing whats happening inside the firewall. Once i got Debug IP running i was able to figure out exactly where my ICMP packets are dropping.

THANKS AGAN GUYS !!! :)

kubn2 · ‎07-23-2019

Hi,

If you want to setup static route you only doing this with next hop address. For example for first hop it should be
ip route inside/outside 10.145.11.151 255.255.255.192 10.145.53.65
for the next one:
ip route inside/outside 10.145.11.151 255.255.255.192 10.40.1.3
and so on