troubleshooting Question
Cisco ASA 5505 Static Routing and Clients
I have a Cisco ASA 5505 acting as my def. gateway for my network. (192.168.20.1). I have another static route network (192.168.10.0), which is accessible via (192.168.20.80).
The ASA can ping anything in the 192.168.10.0 network just fine, however none of my workstations who use 192.168.20.1 as their def. gateway can ping the 192.168.10.0 network. I'm guessing I'm missing something simple on the ASA.
Ideas? ASA Configuration is below.
The ASA can ping anything in the 192.168.10.0 network just fine, however none of my workstations who use 192.168.20.1 as their def. gateway can ping the 192.168.10.0 network. I'm guessing I'm missing something simple on the ASA.
Ideas? ASA Configuration is below.
: Saved
:
ASA Version 8.2(1)
!
hostname FIREWALL
enable password * encrypted
passwd * encrypted
names
name 192.168.20.20 DC-03
name 192.168.20.46 RADIO
!
interface Vlan1
shutdown
no nameif
no security-level
no ip address
!
interface Vlan2
nameif outside
security-level 0
ip address x.x.x.10 255.255.255.252
!
interface Vlan20
nameif inside
security-level 100
ip address 192.168.20.1 255.255.254.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 20
!
interface Ethernet0/3
switchport access vlan 20
!
interface Ethernet0/4
switchport access vlan 20
!
interface Ethernet0/5
switchport access vlan 20
!
interface Ethernet0/6
switchport access vlan 20
!
interface Ethernet0/7
switchport access vlan 20
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
name-server x.x.x.1
name-server x.x.x.2
same-security-traffic permit intra-interface
object-group service VPN
service-object gre
service-object tcp eq pptp
object-group service WEB
service-object tcp eq www
service-object tcp eq https
object-group service RADIO
service-object udp eq 10195
object-group service EMAIL
service-object tcp eq smtp
service-object tcp eq https
object-group service BES
service-object tcp eq 3101
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit gre any any
access-list outside_access_in extended permit tcp any any eq pptp
access-list outside_access_in extended permit object-group VPN any host x.x.x.129
access-list outside_access_in extended permit object-group RADIO any host x.x.x.130
pager lines 24
logging enable
logging asdm informational
logging host inside 192.168.10.33
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) x.x.x.129 DC-03 netmask 255.255.255.255
static (inside,outside) x.x.x.130 RADIO netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.9 1
route inside 192.168.10.0 255.255.254.0 192.168.20.80 1
route inside 192.168.30.0 255.255.255.0 192.168.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.10.0 255.255.254.0 inside
http 192.168.20.0 255.255.254.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.20.0 255.255.254.0 inside
ssh 192.168.10.0 255.255.254.0 inside
ssh 192.168.30.0 255.255.255.0 inside
ssh timeout 15
console timeout 0
priority-queue outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username * password * encrypted privilege 15
!
class-map cloass-default
class-map inspection_default
match default-inspection-traffic
!
!
policy-map QOS-TRAFFIC-OUT
class class-default
shape average 20000000
policy-map global_policy
class inspection_default
inspect pptp
!
service-policy global_policy global
service-policy QOS-TRAFFIC-OUT interface outside
prompt hostname context
Cryptochecksum:a0bb4c3e7b41f636d9a0fd7cb2d33259
: end
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 37 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.