It would be of benefit to

jeremiahjiawen.yap · ‎07-19-2017

I have two Networks A & B and a Cisco ASA 5515-X firewall. Due to limited resources, the Firewall is used as a router between both networks although I know that defeats the purpose of a Firewall. Currently, I have configured Network A to be Inside with security level 100 while Network B is configured as Outside with security level 0. I cannot ping any nodes from Network A to Network B vice versa. It seems like I am missing some configuration. Is this setup feasible or do I need an additional router/layer 3 switch to make this work? The attached picture shows the current setup of my network.

Network A: 172.20.0.0/24 (VLAN 1) - Cisco 2960

Network B: 172.21.50.0/24 (VLAN 200) - Cisco 3560

GRANT3779 · ‎07-19-2017

It would be of benefit to see the configuration you have on the ASA and also the switch ports connected to the ASA interfaces to point you in the right direction.

Few things come to mind -

You may need to be inspecting ICMP if you are not already doing so. Look at the global policy near bottom of config. Do you see any inspect icmp config?

If you have traffic "originating" from the Outside (0) TO the Inside (100) you will also need an access list allowing he desired traffic.

Should traffic be allowed to flow freely between these two networks? If so, it may be better to have them at same security level on the ASA and permit same security inter interface traffic. Again, not entirely sure on your goals etc with the setup.

Thanks

Setup two directly connected interface on ASA firewall to communicate