ASA 5510 8.4 Simple Configuration Issue

jon.engle
Level 1

Good Afternoon,

Ok, so let me start out by saying that I am by no means an expert with an ASA/ASDM, but what I am trying to accomplish seems pretty straightforward and I feel like I am missing something easy!

----Internet----

     eth0

     1.2.3.250 = VPN termination point (This is tested and functioning properly with 10.200.1.2 as the remoteip)

     eth1

     10.200.1.1 Interface Address

     Host IP

     10.200.1.2

Issues:

The IPSEC SA is established; however, I cannot reach the 10.200.1.2 host.

The 10.200.1.2 host cannot ping the 1.2.3.250 interface, nor do I see any hits on the policy log (10.200.1.2 any ip permit).

I understand both routes are directly connected, but it seems like the public and private interfaces cannot communicate.

Objectives:

1. Configure the ASA so that the VPN terminating can access the 10.200.1.2 host.

2. Configure the ASA so that the 10.200.1.2 host can reach the Internet.

Is there a sample configuration I could look at of someone accomplishing a similar task?

1 Reply

Julio Carvajal
VIP Alumni

Hello Jon,

1) Add the fixup protocol icmp command so ICMP packets can be inspected statefully.

2) You cannot ping a far-end interface, as this is a security breach, so from an inside user you will not be able to ping the DMZ or Outside interface of your own ASA, but you should be able to ping any other host behind that other interface.

Regards,

Rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
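
The ICMP inspection from point 1 of the reply, written in the `inspect` form used by the ASA's Modular Policy Framework, as an added example that is not part of the original thread. It assumes the factory-default `global_policy` policy map and `inspection_default` class are still in place.

```cisco
! Added example, not from the thread.
! Assumption: the default global policy (global_policy / inspection_default)
! has not been renamed or removed. Enter from global configuration mode.
!
! Track ICMP echo and echo-reply as a session, so replies to pings sent by
! the inside host (10.200.1.2) are allowed back through without an explicit
! ACL entry on the lower-security interface.
policy-map global_policy
 class inspection_default
  inspect icmp
  ! Optional: also inspect ICMP error messages (for example unreachable and
  ! time-exceeded) so NAT is applied to the addresses they carry.
  inspect icmp error
!
! Confirm the inspection is in the policy and watch its counters while
! testing. Per point 2 of the reply, test from 10.200.1.2 against a host
! beyond the outside interface, not against the ASA's own 1.2.3.250 address.
show running-config policy-map
show service-policy
```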