01.16.2008 at 12:15AM PST, ID: 23086333

Routing not working with Cisco ASA 5510

Tags: Cisco, ASA 5510
I'm having problems with routing through my ASA 5510.

I can ping the gateway and beyond from the ASA - 172.31.50.1 & 172.31.3.252 - but I can't ping from the internal network through the device; it doesn't seem to be letting any traffic through.

Here's the config:

pix# show running-config
: Saved
:
ASA Version 7.0(7)
!
hostname pix
domain-name waterfrontstudios.co.za
enable password fXEvDioRaOdx6xq3 encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif Internet
 security-level 0
 ip address 172.31.50.10 255.255.255.0
!
interface Ethernet0/1
 nameif Trusted
 security-level 100
 ip address 192.168.21.1 255.255.0.0
!
interface Ethernet0/2
 description DMZ - Web, FTP, Mysql
 nameif DMZ
 security-level 50
 ip address 10.10.20.1 255.255.255.0
!
interface Ethernet0/3
 description Clients - Client Network
 shutdown
 nameif Clients
 security-level 3
 ip address 10.10.30.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 10.10.10.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
object-group service Farmers-Wife tcp
 description Farmers-Wife External Access
 port-object eq www
 port-object range 22000 22000
 port-object range 3389 3389
 port-object eq echo
object-group service Zimbra tcp
 description Email Servers
 port-object eq echo
 port-object eq www
 port-object range 7071 7071
 port-object eq ssh
 port-object eq pop3
 port-object eq https
 port-object eq smtp
 port-object eq imap4
object-group service webservices tcp
 description Preview,FTP,Webe
 port-object eq echo
 port-object eq www
 port-object eq ctiqbe
 port-object eq ssh
 port-object range 3389 3389
 port-object eq ftp
 port-object range 3306 3306
access-list Internet_access_in extended permit tcp any host 172.31.50.8 object-group Zimbra
access-list Internet_access_in extended permit tcp any host 172.31.50.6 object-group Zimbra
access-list Internet_access_in extended permit tcp any host 172.31.50.14 object-group webservices
access-list Internet_access_in extended permit tcp any host 172.31.50.7 object-group webservices
access-list Internet_access_in extended permit tcp any host 172.31.50.76 object-group webservices
access-list Internet_access_in extended permit tcp any host 172.31.50.77 object-group webservices
access-list Internet_access_in extended permit tcp any host 172.31.50.5 object-group Farmers-Wife
access-list Internet_access_in extended permit tcp any host 172.31.50.70 object-group webservices
access-list Internet_access_in extended permit tcp any host 172.31.50.13 object-group webservices
access-list Internet_access_in remark Waterfront Proxy Redirect
access-list Internet_access_in extended permit tcp any eq www host 172.31.50.81 eq 8080
access-list Internet_access_in extended permit icmp any any
access-list Trusted_nat0_outbound extended permit ip any 192.168.0.0 255.255.255.224
access-list DMZ_nat0_outbound extended permit ip any 192.168.0.0 255.255.255.224
pager lines 24
logging asdm informational
mtu Internet 1500
mtu Trusted 1500
mtu DMZ 1500
mtu Clients 1500
mtu management 1500
ip local pool VPN 192.168.0.10-192.168.0.20 mask 255.255.0.0
no failover
icmp permit any Internet
icmp permit any Trusted
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (Internet) 2 172.31.50.100-172.31.50.239 netmask 255.255.255.0
global (DMZ) 1 10.10.20.50-10.10.20.100
nat (Trusted) 0 access-list Trusted_nat0_outbound
nat (Trusted) 0 0.0.0.0 0.0.0.0
nat (DMZ) 0 access-list DMZ_nat0_outbound
nat (management) 0 0.0.0.0 0.0.0.0
static (DMZ,Internet) 172.31.50.8 10.10.20.2 netmask 255.255.255.255
static (DMZ,Internet) 172.31.50.6 10.10.20.3 netmask 255.255.255.255
static (DMZ,Internet) 172.31.50.14 10.10.20.4 netmask 255.255.255.255
static (DMZ,Internet) 172.31.50.7 10.10.20.5 netmask 255.255.255.255
static (DMZ,Internet) 172.31.50.76 10.10.20.6 netmask 255.255.255.255
static (DMZ,Internet) 172.31.50.77 10.10.20.7 netmask 255.255.255.255
static (Trusted,Internet) 172.31.50.5 192.168.0.53 netmask 255.255.255.255
static (Trusted,Internet) 172.31.50.70 192.168.0.54 netmask 255.255.255.255
static (Trusted,Internet) 172.31.50.13 192.168.21.151 netmask 255.255.255.255
static (Trusted,Internet) 172.31.50.81 192.168.0.60 netmask 255.255.255.255
access-group Internet_access_in in interface Internet
route Internet 0.0.0.0 0.0.0.0 172.31.50.1 1
route Trusted 192.0.0.0 255.255.0.0 192.168.21.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy CiscoASA internal
group-policy CiscoASA attributes
 wins-server value 192.168.0.51 192.168.0.52
 dns-server value 192.168.0.51 192.168.0.52
 default-domain value waterfrontvpn.co.za
 webvpn
username admin password nfxQSC/KrSi6UL15 encrypted privilege 15
username waterfront password iomyORe9E.7C9YY2 encrypted privilege 0
username waterfront attributes
 vpn-group-policy CiscoASA
 webvpn
aaa authentication telnet console LOCAL
http server enable
http 192.168.21.0 255.255.255.0 Trusted
http 192.168.0.0 255.255.255.255 Trusted
http 10.10.10.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Internet_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Internet_map 65535 ipsec-isakmp dynamic Internet_dyn_map
crypto map Internet_map interface Internet
isakmp enable Internet
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group CiscoASA type ipsec-ra
tunnel-group CiscoASA general-attributes
 address-pool VPN
 default-group-policy CiscoASA
tunnel-group CiscoASA ipsec-attributes
 pre-shared-key *
telnet 192.168.0.0 255.255.0.0 Trusted
telnet timeout 5
ssh timeout 5
console timeout 0
management-access Trusted
dhcpd address 10.10.10.2-10.10.10.10 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
smtp-server 192.168.21.8
Cryptochecksum:9f90e62bd17f1f8763398562958d460b
: end


Anyone have any ideas?
Question Stats
Zone: Networking
Question Asked By: condorcape
Solution Provided By: condorcape
Participating Experts: 2
Solution Grade: A
Views: 63
01.16.2008 at 03:31AM PST, ID: 20670791

All comments and solutions are available to Premium Service Members only.
