Firewall Wizards mailing list archives
CISCO ASA 7.0(8) - internal users cannot browse.
From: Rocker Feller <rocker.rockerfeller () gmail com>
Date: Wed, 25 May 2011 11:04:08 +0300
Hi all,

I am a newbie and would like assistance on an ASA. I have a Cisco ASA at factory default that I configured. This is my configuration, thank you.

1. I cannot ping the gw IP when connected on console, though from the gw, which is a Cisco router, I can pick the ASA MAC address.
2. I have the two ACLs 101 and cmd icmp permit any outside, which should enable me to ping from any outside host to the outside interface of the ASA, to no avail.
3. public ip and gw are public IPs.

Q. Any assistance to get this working so that I can configure an RA VPN will be appreciated.

ASA Version 7.0(8)
!
domain-name ciscoasa.co.ke
names
dns-guard
!
interface Ethernet0/0
 description Link to Service Provider
 nameif outside
 security-level 0
 ip address publicip 255.255.255.252
!
interface Ethernet0/1
 description Link to Local LAN
 nameif inside
 security-level 100
 ip address 192.168.168.11 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
access-list ANY extended permit ip any any
access-list ANY extended permit icmp any any echo-reply
access-list ANY extended permit icmp any any time-exceeded
access-list ANY extended permit icmp any any unreachable
access-list ANY extended permit icmp any any
access-list OUT extended permit icmp any any echo-reply
access-list OUT extended permit icmp any any echo
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit icmp any any source-quench
access-list 101 extended permit icmp any any unreachable
access-list 101 extended permit icmp any any time-exceeded
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp permit any outside
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.168.0 255.255.255.0
access-group ANY in interface inside
route outside 0.0.0.0 0.0.0.0 gw 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
Cryptochecksum:6f78bb9efb6b013ce7eb3cf8d77268ae

Rocker
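The configuration in this post defines three ACLs (ANY, OUT, 101) but contains a single access-group line. As an added example, not part of the original post, the following Python check reads a pasted ASA config and reports which ACLs have no access-group binding and which bound ACLs contain a blanket "permit ip any any". The function name audit_acls and the trimmed sample are constructed here; an ACL referenced only by another feature (nat, crypto map, class-map) would also be listed as unbound.

```python
import re

# Constructed sample: a subset of the access-list/access-group lines from the post.
SAMPLE_CONFIG = """\
access-list ANY extended permit ip any any
access-list ANY extended permit icmp any any echo-reply
access-list OUT extended permit icmp any any echo-reply
access-list OUT extended permit icmp any any echo
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit icmp any any unreachable
icmp permit any outside
access-group ANY in interface inside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(.+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")


def audit_acls(config_text):
    """Return (bindings, unbound, permit_all) for an ASA config (hypothetical helper)."""
    defined = {}    # ACL name -> list of (action, match text)
    bindings = {}   # ACL name -> list of (direction, interface)
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            defined.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
            continue
        m = GROUP_RE.match(line)
        if m:
            bindings.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    # ACLs that have entries but no access-group line are not applied
    # as a filter on any interface.
    unbound = sorted(name for name in defined if name not in bindings)
    # Bound ACLs that contain a blanket "permit ip any any" entry.
    permit_all = sorted(
        name for name, rules in defined.items()
        if name in bindings and ("permit", "ip any any") in rules
    )
    return bindings, unbound, permit_all


if __name__ == "__main__":
    bindings, unbound, permit_all = audit_acls(SAMPLE_CONFIG)
    print("bound ACLs:", bindings)
    print("defined but not bound by access-group:", unbound)
    print("bound ACLs with 'permit ip any any':", permit_all)
```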