Cisco ASA 5505 causing network down

 
 
pravin21971@gmail.com
      06-11-2008
Hi all,
I have done the following config on an ASA 5505:
ASA Version 7.2(3)
!
hostname FW1
domain-name STJOHN
enable password * encrypted
names
name 10.6.1.1 GlobalIP
!
interface Vlan1
nameif inside
security-level 100
ip address 1.1.8.1 255.255.0.0
!
interface Vlan2
nameif outside
security-level 0
ip address GlobalIP 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone WST -11
dns server-group DefaultDNS
domain-name STJOHN
object-group network CLI2
network-object host 1.1.8.1
network-object host GlobalIP
access-list outside_to_inside extended permit tcp any interface outside eq 50003 log errors
pager lines 24
logging enable
logging asdm errors
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
nat-control
global (inside) 1 1.1.0.0-1.1.2.254 netmask 255.0.0.0
global (outside) 1 interface
static (inside,outside) tcp interface 50003 1.1.8.10 50003 netmask 255.255.255.255
access-group outside_to_inside in interface outside
route outside 0.0.0.0 0.0.0.0 10.6.1.6 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 1.1.8.10 255.255.255.255 inside
http 1.1.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0

!
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
!
prompt hostname context
Cryptochecksum:*
: end
asdm image disk0:/asdm-523.bin
no asdm history enable

With this config, packets sent from the outside interface to IP 10.6.1.1
are forwarded to inside host 1.1.8.10 & this inside host sends an ack to
the sender.

But when I connect this ASA to our network, the network stops, giving many
errors like

Deny inbound UDP from 1.1.x.x/1041 to 1.1.x.x/161 on interface inside
Inbound TCP connection denied from 1.1.x.x/1419 to 1.1.x.x/1525 flags RST on interface inside
Inbound TCP connection denied from 1.1.x.x/1494 to 1.1.x.x/1175 flags RST on interface inside
Inbound TCP connection denied from 1.1.x.x/49534 to 1.1.x.x/135 flags SYN on interface inside
Inbound TCP connection denied from 1.1.x.x/139 to 1.1.x.x/4215 flags PSH ACK on interface inside
Inbound TCP connection denied from 1.1.x.x/1494 to 1.1.x.x/1029 flags PSH ACK on interface inside
Deny inbound UDP from 1.1.x.x/1032 to 1.1.x.x/53 due to DNS Query


Any suggestions?
 
hinka
      06-11-2008
you're missing the nat statement..
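
The nat/global pairing that the reply points at can be checked mechanically. The Python below is an added example, not part of the original thread and not a Cisco tool: it scans an ASA 7.x style configuration for global pools whose NAT ID has no nat statement, and the reverse. The function names and the embedded sample (the NAT-related lines of the posted config) are assumptions made for this example.

```python
import re

# Constructed sample: the NAT-related lines of the configuration posted above.
POSTED_CONFIG = """\
nat-control
global (inside) 1 1.1.0.0-1.1.2.254 netmask 255.0.0.0
global (outside) 1 interface
static (inside,outside) tcp interface 50003 1.1.8.10 50003 netmask 255.255.255.255
"""

# Matches "nat (ifc) id ..." and "global (ifc) id ..." lines.
RULE_RE = re.compile(r"^(nat|global)\s+\(([^)]+)\)\s+(\d+)\b")


def parse_nat_rules(config):
    """Return (nat_control, rules); rules[kind][nat_id] lists the interfaces."""
    rules = {"nat": {}, "global": {}}
    nat_control = False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "nat-control":  # "no nat-control" does not match
            nat_control = True
        m = RULE_RE.match(line)
        if m:
            kind, ifc, nat_id = m.group(1), m.group(2), int(m.group(3))
            rules[kind].setdefault(nat_id, []).append(ifc)
    return nat_control, rules


def lint_nat(config):
    """List nat/global pairing problems found in the configuration text."""
    nat_control, rules = parse_nat_rules(config)
    findings = []
    for nat_id, ifcs in sorted(rules["global"].items()):
        if nat_id not in rules["nat"]:
            findings.append(f"global id {nat_id} on ({', '.join(ifcs)}) has no matching nat statement")
    for nat_id, ifcs in sorted(rules["nat"].items()):
        # nat id 0 is identity NAT / exemption and needs no global pool.
        if nat_id != 0 and nat_id not in rules["global"]:
            findings.append(f"nat id {nat_id} on ({', '.join(ifcs)}) has no matching global statement")
    if nat_control and not rules["nat"]:
        findings.append("nat-control is enabled but no nat statement exists")
    return findings


if __name__ == "__main__":
    for finding in lint_nat(POSTED_CONFIG):
        print(finding)
```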
 