Ricardo remember to rate all of the helpful answeres,įor more information about Core and Security Networking follow my website at.
So with that in mind if you have not changed anything else on the inside network I would blame the ISP. The different between one NAT and the other is that with one you make reference to the destination address, on the other not. So that being said the solution you are providing does not solve the fact that the ping inside 4.2.2.2 will not work as that will never happen (unless you reach the internet via Inside) On an ASA device when you do a ping inside 4.2.2.2 you are not letting the device know that you want to source the packet from the inside interface IP address (as a router would do) you are basically telling the ASA try to contact 4.2.2.2 via the Inside Interface and Ofcourse this will not work.As the previous engineers has state on an ASA you cannot ping the far-end interface (this means if I sit on a desktop behind the inside interface I will not be able to ping the Outside interface IP address but the inside interface).Nat (inside) 1 access-list inside_nat_outboundĪnd voila everything is working i was able to ping 4.2.2.2 to the outside, I think that the problem is with the public ip directly assigned to the ASA by iSP and not the private ip, because in my test enviorement was working perfectly and i was using 192.168.0.0 and 172.18.0.0 networks as the outside interface ip and everything was fine.īut thanks to all that help now have to start to apply security and acls configs. So inter-vlan routing is not wowrking after I have to use the followings commands to see if there any change but not resultsĪfter all the thing i've done in CLI I logged into the ASDM and in the nat section i look that nat was not having destination. Sending 5, 100-byte ICMP Echos to 66.XX.XX.174, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: Subscribe-to-alert-group telemetry periodic dailyĬryptochecksum:0c8a226f7c4a8d5a03e6fcd821893898Ĭisco ASA 5505 Base License - not inter-vlan-routing no internet access from inside interface Subscribe-to-alert-group configuration periodic monthly Subscribe-to-alert-group inventory periodic monthly Policy-map type inspect dns preset_dns_mapĭestination address email transport-method http
CISCO ASA 5505 USER LICENSE UPGRADE PASSWORD
Username root password XXXXXXXXX encrypted privilege 15 No threat-detection statistics tcp-intercept Snmp-server enable traps snmp authentication linkup linkdown coldstartĬrypto ipsec security-association lifetime seconds 28800Ĭrypto ipsec security-association lifetime kilobytes 4608000 Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absoluteĭynamic-access-policy-record DfltAccessPolicy Icmp unreachable rate-limit 1 burst-size 1 Same-security-traffic permit intra-interface Same-security-traffic permit inter-interface I have activated those commands and nothing i cant not ping to my vlan2 interface from my inside: I do not have a router making the 元 routing only the ASA but it could let me pass traffic because the ASA is a 元 device. I having this kind of config and in my network were workig flawless but in the site installed is giving me trouble.įirst my conection to the site is working so i can access from the internet to the ASA, but I cant do inter-vlan routing in the ASA.
0 kommentar(er)
