We help IT Professionals succeed at work.
Get Started

Cisco ASA 5505 Static Routing and Clients

Last Modified: 2012-05-11
I have a Cisco ASA 5505 acting as my def. gateway for my network. (  I have another static route network (, which is accessible via (

The ASA can ping anything in the network just fine, however none of my workstations who use as their def. gateway can ping the network.  I'm guessing I'm missing something simple on the ASA.

Ideas?  ASA Configuration is below.
: Saved
ASA Version 8.2(1) 
hostname FIREWALL
enable password * encrypted
passwd * encrypted
name DC-03
name RADIO
interface Vlan1
 no nameif
 no security-level
 no ip address
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.10 
interface Vlan20
 nameif inside
 security-level 100
 ip address 
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
 switchport access vlan 20
interface Ethernet0/3
 switchport access vlan 20
interface Ethernet0/4
 switchport access vlan 20
interface Ethernet0/5
 switchport access vlan 20
interface Ethernet0/6
 switchport access vlan 20
interface Ethernet0/7
 switchport access vlan 20
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
 name-server x.x.x.1
 name-server x.x.x.2
same-security-traffic permit intra-interface
object-group service VPN
 service-object gre 
 service-object tcp eq pptp 
object-group service WEB
 service-object tcp eq www 
 service-object tcp eq https 
object-group service RADIO
 service-object udp eq 10195 
object-group service EMAIL
 service-object tcp eq smtp 
 service-object tcp eq https 
object-group service BES
 service-object tcp eq 3101 
access-list outside_access_in extended permit icmp any any echo-reply 
access-list outside_access_in extended permit gre any any 
access-list outside_access_in extended permit tcp any any eq pptp 
access-list outside_access_in extended permit object-group VPN any host x.x.x.129 
access-list outside_access_in extended permit object-group RADIO any host x.x.x.130 
pager lines 24
logging enable
logging asdm informational
logging host inside
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
static (inside,outside) x.x.x.129 DC-03 netmask 
static (inside,outside) x.x.x.130 RADIO netmask 
access-group outside_access_in in interface outside
route outside x.x.x.9 1
route inside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL 
http server enable
http inside
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh inside
ssh inside
ssh inside
ssh timeout 15
console timeout 0

priority-queue outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username * password * encrypted privilege 15
class-map cloass-default
class-map inspection_default
 match default-inspection-traffic
policy-map QOS-TRAFFIC-OUT
 class class-default
  shape average 20000000
policy-map global_policy
 class inspection_default
  inspect pptp 
service-policy global_policy global
service-policy QOS-TRAFFIC-OUT interface outside
prompt hostname context 
: end

Open in new window

Watch Question
Senior infrastructure engineer
Top Expert 2012
This problem has been solved!
Unlock 2 Answers and 37 Comments.
See Answers
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE