Solved

Basic ASA setup

Posted on 2016-08-13
1
69 Views
Last Modified: 2016-08-18
I have set up an ASA (NOLA-ASA) in my lab.  The ip addresses assigned are
G0/0       1.1.1.1/30
G0/6      190.190.190.1/30

The inside router (NOLA) has the following addresses assigned
Fa1/0      1.1.1.2/30
L0:       5.5.5.5/24

The outside router (GREATWIDEOPEN) has the following addresses assigned
fa0/0:       190.190.190.2/30
L0:       8.8.8.16/24

I can ping the ip addresses on the ASA from the ASA but I cannot ping the “.2” on the router.  But everything is up/up:
NOLA-ASA# sh int ip br
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         1.1.1.1         YES manual up                    up  
GigabitEthernet0/1         unassigned      YES unset  administratively down up  
GigabitEthernet0/2         unassigned      YES unset  administratively down up  
GigabitEthernet0/3         unassigned      YES unset  administratively down up  
GigabitEthernet0/4         unassigned      YES unset  administratively down up  
GigabitEthernet0/5         unassigned      YES unset  administratively down up  
GigabitEthernet0/6         190.190.190.1   YES manual up                    up  
Management0/0              unassigned      YES unset  administratively down up

Here is the config file – I know I am missing something simple:

NOLA-ASA# sh run
: Serial Number: 9AM5NCPHJP3
: Hardware:   ASAv, 2048 MB RAM, CPU Pentium II 2793 MHz
:
ASA Version 9.5(2)204
!
hostname NOLA-ASA
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 1.1.1.1 255.255.255.252
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/6
 nameif outside
 security-level 0
 ip address 190.190.190.1 255.255.255.252
!
interface Management0/0
 management-only
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit icmp any any source-quench
access-list 101 extended permit icmp any any unreachable
access-list 101 extended permit icmp any any time-exceeded
pager lines 23
mtu inside 1500
mtu outside 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
access-group 101 out interface inside
access-group 101 in interface outside
route inside 5.5.5.0 255.255.255.0 1.1.1.2 1
route outside 8.8.8.0 255.255.255.0 190.190.190.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
   ************************************************************************************ Removed for briety
*************************************************************************************
telnet timeout 5
no ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home
 profile License
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination transport-method http
Cryptochecksum:b0678ddeb495c7a9347bc11c294bc0d5
: end


Any and all help would be greatly appreciated!!!
0
Comment
Question by:Cered
1 Comment
 
LVL 16

Accepted Solution

by:
Michael Ortega (Internetwerx, Inc.) earned 500 total points
Comment Utility
Add:

policy-map global_policy
 class inspection_default
  inspect icmp

MO
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now