rgoodman1


Cox Cable and ASA 5510

I recently moved my organization to Cox cable from the T3 we had before.  When I plug the ASA into the cable I can ping the gateway from the outside INT, but I get a NO EGRESS when trying to ping from the inside INT.  With the T3 I had 2 serial IPs for a router inside and out, both a /30.  Here they gave me just a gateway and a non-contiguous block of IPs.  Need to get traffic across the inside INT to out.  No VPN or anything else set up, just generic for right now.  Attaching my config.
asa-config.txt
eeRoot

The interface eth0/0 IP of xxx.xxx.xxx.198 and the line "route Outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.198 1" may be conflicting.  Can you double check these addresses and make sure that the firewall is not set to route to itself?
rgoodman1

ASKER

I don't see a conflict.  Everything states all traffic going out must use eth0/0.  Maybe I am missing something with what you were saying.
ArneLovius
Your route outside
route Outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.198 1

appears to use the same address as the outside interface
ip address xxx.xxx.xxx.198 255.255.255.240

The route statement should be to a different address.
Explain a little more please.  Should I leave the route outside off?  The way I saw it was that everything inside routes outside via the outside int, which has a gateway attached to it.
ASKER CERTIFIED SOLUTION
ArneLovius
This solution is only available to members.
Will try tomorrow as I am home now.  Still don't understand why the outside int could ping the gateway but the inside could not even ping the outside, much less the gateway.
Because the gateway was local to the outside interface, you don't need a route to reach another host on the same network; however, to reach it from another network you need a route to it.
The inside traffic needs to be redirected through the outside interface; this is what the route statement does.  The pings from the firewall itself are working, because pinging from the interface forces the traffic to go out through the outside interface.  The pings from the inside are never leaving the firewall because the route statement is pointing at the firewall.
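
A check for the misconfiguration discussed in this thread (a static route whose next hop is the firewall's own interface address), as an added example that is not part of the original posts. The sample config is constructed with documentation addresses rather than the asker's real ones, and `check_routes` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample config (documentation addresses, not the asker's real ones).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address 203.0.113.198 255.255.255.240
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
route Outside 0.0.0.0 0.0.0.0 203.0.113.198 1
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"

def check_routes(config):
    """Return (route_line, problem) tuples for static routes with a bad next hop."""
    interfaces = {}   # nameif (lower-cased) -> ipaddress.IPv4Interface
    nameif = None
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None                      # new interface block begins
        elif line.startswith("nameif "):
            nameif = line.split()[1].lower()
        elif (m := re.match(rf"ip address {IPV4} {IPV4}", line)) and nameif:
            interfaces[nameif] = ipaddress.IPv4Interface(f"{m[1]}/{m[2]}")
        elif m := re.match(rf"route (\S+) \S+ \S+ {IPV4}", line):
            iface = interfaces.get(m[1].lower())
            hop = ipaddress.IPv4Address(m[2])
            if iface is None:
                findings.append((line, "unknown interface name"))
            elif hop == iface.ip:
                findings.append((line, "next hop is the firewall's own interface address"))
            elif hop not in iface.network:
                findings.append((line, "next hop is not on the interface's connected subnet"))
    return findings

if __name__ == "__main__":
    for route, problem in check_routes(SAMPLE_CONFIG):
        print(f"{route}\n  -> {problem}")
```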