Router & ASA connected with Private IP for Internet Access

acharyr123
Level 3

Hi,

The Internet link is terminated on the router with a public IP.

The router & firewall are connected with a private IP.

The DMZ has 2 IP segments that are being accessed from the inside & outside zones.

LAN zone: 10.0.0.0

WAN: 212.x.y.z

DMZ1: 172.16.1.0

DMZ2: 172.16.2.0

Can someone help me with a config script for both the router & firewall?


With this config, from the router I can ping any public IP, but from the firewall pinging an outside IP is not happening. From the firewall, the inside IP & VLAN are pinging.

=========================================

interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.20.10.21 255.255.0.0

route inside 10.0.0.0 255.0.0.0 10.20.10.6 (10.20.10.6--> inside vlan interface ip )

CHANGE the interface SUBNET MASK, MUST BE (255.0.0.0)

First, you don't need this command:

route inside 10.0.0.0 255.0.0.0 10.20.10.6

And if you are pinging from inside to the router outside, then the config I have sent you is working!!

And for your knowledge: in the ASA firewall you can't ping an interface from another interface.

Please rate if helpful.

Did you get it to work?

Don't forget the interface subnet mask should be 255.0.0.0.

Also, all your hosts in that inside network should be in subnet 255.0.0.0, as we configured the NAT with 255.0.0.0.

And let me know.

Good luck

My inside network is not /8; I have /24, /25 etc. What do you suggest in that case!!

Can you send a simple diagram with the current config please, to save time.

Please find the attachment for the ASA config. The router config you already have.

There are approx. 210 VLANs into the dist switches (4507R), which are connected with the 6513.

The ASA is connected directly with the core switch.

In the core, VLAN 900:

ip address : 10.20.10.6/16

The ASA is connected to this VLAN.

OK, then keep your config as it is and do the static NAT as I told you before.

Also, enable ICMP inspection for ping:

policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error
exit

Also do the following to let the firewall ping itself:

permit icmp any interface outside echo
permit icmp any interface outside echo-reply

By the way, the config you sent me is without any NAT configured?

So sure, when you do show xlate it will give you 0.

And one more question: when you did my config, did you get your inside network working normally? I mean, can it go out the router and ping?

Check your network behind the switch, whether it has the right config and the right default gateways configured.

And let me know.

It should work; just do it carefully and step by step.

Good luck

Hi,

My LAN is working fine. I can ping the ASA inside interface; I am not able to ping the ASA outside or the router LAN interface.

Do you have a route to your inside network on your router? I mean for 10.0.0.0/8?

You need to have on your router something like:

ip route 10.0.0.0 255.0.0.0 [asa outside ip]

Also, for ICMP, have you done on your ASA:

permit icmp any inside echo
permit icmp any outside echo

And I told you, you can't ping the ASA outside interface from inside or DMZ. In other words, you can't ping any ASA interface from another interface.

You just need to get the ping to the router.

Please, after you finish all the config, post it to me with the full config if it didn't work.

I will do this & let you know. By the way, thank you very much for your help.

You're welcome, and good luck.

Please rate the helpful post.

It's working. Thanks a lot.

But access is happening only from 10.20.x.x/16. I did this on the ASA:

static(inside, outside) 10.0.0.0 10.0.0.0 netmask 255.255.0.0.

My ASA inside interface IP: 10.20.10.21 /16.

But I have a number of VLANs in the range /24, /25, /26 etc. with the 10.145.x.x series in the LAN. From such addresses Internet is not happening.

Any suggestion from you on this!!!

Do you have the right VLAN and default gateways configured? Also the route.

Now it is a routing problem.

First check the default gateway configuration and make sure they can ping the ASA.

Also make sure you have the route configured through the inside interface on the ASA.

Please rate the helpful post.

And good luck

Hi,

I tried to do this but it is not happening.

From the user side I can ping the ASA inside interface. In my switch, the default route 0.0.0.0 0.0.0.0 10.20.10.X (ASA inside IP) is given.

In the switch, VLAN 900 is created & the ASA inside is assigned an IP from that segment.

Internet access is happening only from VLAN 900. From other VLANs I can't access the Internet.

Please suggest.

Hi,

I am sorry to say that Internet is not happening from any of the VLANs.

I have connected my PC directly to the ASA inside interface, with the PC gateway set to the inside interface; still not happening.

Please help
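
An added example, not part of any post in this thread: a Python check that takes the prefixes quoted above (the ASA inside interface 10.20.10.21 255.255.0.0, the `route inside` and router `ip route` for 10.0.0.0 255.0.0.0, and the `static` with netmask 255.255.0.0) and reports which of them contain a given source address. The two sample hosts and all function names are constructed; the thread only gives the ranges 10.20.x.x and 10.145.x.x.

```python
import ipaddress

# Address/netmask pairs exactly as quoted in the thread.
THREAD_PREFIXES = {
    "asa_inside_subnet": ("10.20.10.21", "255.255.0.0"),    # ip address on nameif inside
    "asa_route_inside": ("10.0.0.0", "255.0.0.0"),          # route inside ... 10.20.10.6
    "router_route_to_asa": ("10.0.0.0", "255.0.0.0"),       # ip route ... [asa outside ip]
    "asa_static_identity": ("10.0.0.0", "255.255.0.0"),     # static (inside,outside) netmask
}

# Constructed sample sources: one in VLAN 900, one in a 10.145.x.x user VLAN.
SAMPLE_HOSTS = {"vlan900_host": "10.20.10.50", "user_vlan_host": "10.145.3.17"}


def to_network(addr, mask):
    """Turn an address plus dotted netmask into the network it belongs to."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def coverage(source):
    """Map each quoted prefix name to True if it contains the source address."""
    ip = ipaddress.ip_address(source)
    return {name: ip in to_network(a, m) for name, (a, m) in THREAD_PREFIXES.items()}


def uncovered(source):
    """Names of the quoted prefixes that do NOT contain the source address."""
    return sorted(name for name, hit in coverage(source).items() if not hit)


if __name__ == "__main__":
    for name, (a, m) in THREAD_PREFIXES.items():
        print(f"{name:22} {a} {m} -> {to_network(a, m)}")
    for label, host in SAMPLE_HOSTS.items():
        print(f"{label} ({host}) not covered by: {uncovered(host) or 'nothing'}")
```

A source outside the ASA's connected inside subnet is reachable only through a `route inside` entry, and an address outside the range given by the static's netmask is not matched by that static.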
