07-23-2019 01:15 AM
I want to connect to a Database server(10.145.11.151 255.255.255.192) on the outside interface, which is connected to our plant wide network and assinged an IP (10.145.53.98 255.255.255.192) via DHCP , from my Inside network (10.123.48.0/24). But i am having problems doing the same and I have some following question.
1. Since my outside interface is not connected directly to the database server (Tracert command shows 3 hops from my outside interface as shown below)
C:\Users\admin>tracert 10.145.11.151
Tracing route to INCOS-30 [10.145.11.151]
over a maximum of 30 hops:
1 144 ms 6 ms 1 ms 10.145.53.65
2 <1 ms <1 ms <1 ms 10.40.1.3
3 <1 ms 1 ms 1 ms INCOS-30 [10.145.11.151]
Now how do i set route for my outside interface to the database server??
2. Do i need to set the path only for next hop i.e 10.145.53.65 or i need to configure the entire path to database server??
07-23-2019 01:38 AM
Hello,
if you add the keyword 'setroute' to the outside interface IP address assignment, that would automatically create a default route. You don't need anything else.
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address dhcp setroute
07-23-2019 10:41 PM
07-24-2019 12:19 AM
Hello,
below is a example:
interface gigabitethernet1/1
nameif outside
security-level 0
ip address dhcp setroute
no shutdown
!
interface gigabitethernet1/2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
no shutdown
!
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
07-26-2019 10:22 PM
config is still not working , i have attached a graphic showing my network config. i want to be able to ping my host on outside network from host on my inside network. As i have understood so far i have broken down the config to 4 parts
1. Configuration for inside and outside interface with IP and mask as soon in the graphic
2.configure NAT for inside address translation
3. configure ACL for allowing traffic from outside to inside interface
4. configuring a static route to route all outside interface traffic through gateway 10.145.53.65
I have done all the required configuration but still no success.
07-26-2019 10:25 PM - edited 07-26-2019 10:46 PM
One more thing , i am able to ping the default gateway via console but not through ping from CMD , Why is this happening??
07-27-2019 09:50 AM
Hello,
post the full running configuration of your ASA...
07-28-2019 10:19 PM
Thank you all for support , I have sorted out the configuration now.
Must say Debug IP command is useful for knowing whats happening inside the firewall. Once i got Debug IP running i was able to figure out exactly where my ICMP packets are dropping.
THANKS AGAN GUYS !!! :)
07-23-2019 01:39 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide