Re: ACK! This ASA 5500 is kicking my ***!
- From: Chad Mahoney <chad@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 31 May 2007 08:32:00 -0400
Ingot wrote:
Any help would be appreciated! I ran a Raptor Eagle NT for a small college
about 9 years ago, but a lot's changed.

Perhaps you could post a config?

I have a new Cisco ASA 5500, and a hard deadline, and I need to get just
BASIC traffic configured, the simplest setup just to get operational.
One protected inside network with just a few hosts and a public IP range...
One outside interface to our Internet Gateway (Cisco 2811) with a registered
address range.
The interfaces are configured. I've confirmed connectivity by pings from
the firewall.
All interfaces can be pinged from the network they're on.
I've defined interface PAT to and from both sides of the device.
The outside interface has a security setting of 0, inside is 90.
I've gone into device administration, and allowed icmp on both interfaces.
I can NOT ping through though. I can't even ping the outside interface of
the firewall from a host on its inside network.
I'm using the graphic interface right now.
Is there anyone out there that could give me just the BASIC steps you would
use to get a simple inside/outside network setup going on this firewall?
I have about 20 bundles of PDF printout I pulled from the web, none of them
seem to help.
Getting desperate here! I just need to get this basically operational until
I have time to really research and get up to speed!
Ingot

interface Ethernet0/0
 description Connection to the Internet
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 66.X.X.2 255.255.255.240
!
interface Ethernet0/1
 description Connection to Internal Network
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
access-list outside_access_in remark Allows internal clients to PING to internet
access-list outside_access_in extended permit icmp any host 66.X.X.2 echo-reply log
access-list outside_access_in remark Allows internal clients to traceroute to internet
access-list outside_access_in extended permit icmp any host 66.X.X.2 time-exceeded log
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.255.0
access-group outside_access_in in interface outside

HTH,
Chad
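
An added example, not part of Chad's reply: a small Python audit that reads an ASA configuration and reports whether ICMP echo replies can return through the lowest-security interface, either through an ACL bound inbound on it (as in the config above) or through `inspect icmp`. The function names are hypothetical, and the parser is a simplification that only reads `permit icmp` entries and ignores `deny` lines and entry order.

```python
import re

# Constructed sample: a trimmed copy of the configuration posted above.
SAMPLE = """\
interface Ethernet0/0
 nameif outside
 security-level 0
!
interface Ethernet0/1
 nameif inside
 security-level 100
!
access-list outside_access_in extended permit icmp any host 66.X.X.2 echo-reply log
access-list outside_access_in extended permit icmp any host 66.X.X.2 time-exceeded log
access-group outside_access_in in interface outside
"""

def _icmp_type(rest):
    """ICMP type in an ACE tail such as 'any host A echo-reply log'; 'any' if none given."""
    tok = rest.split()
    for _ in range(2):  # skip source, then destination: 'any' | 'host A' | 'A MASK'
        tok = tok[1:] if tok[:1] == ["any"] else tok[2:]
    tok = tok[:tok.index("log")] if "log" in tok else tok
    return tok[0] if tok else "any"

def icmp_return_path(config):
    """Summarise how ICMP replies can re-enter via the lowest-security interface."""
    levels, acls, bound, name, inspect = {}, {}, {}, None, False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None
        elif m := re.match(r"nameif (\S+)$", line):
            name = m.group(1)
        elif (m := re.match(r"security-level (\d+)$", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.match(r"access-list (\S+) extended permit icmp (.+)$", line):
            acls.setdefault(m.group(1), set()).add(_icmp_type(m.group(2)))
        elif m := re.match(r"access-group (\S+) in interface (\S+)$", line):
            bound[m.group(2)] = m.group(1)
        elif line == "inspect icmp":
            inspect = True
    if not levels:
        return None  # no named interfaces found
    low = min(levels, key=levels.get)
    types = acls.get(bound.get(low), set())
    return {"interface": low, "acl": bound.get(low), "icmp_types": sorted(types),
            "inspect_icmp": inspect,
            "echo_reply_returns": inspect or bool(types & {"echo-reply", "any"})}
```
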