Cisco ASA 5505 causing network down

Discussion in 'Cisco' started by pravin21971@gmail.com, Jun 11, 2008.

  1. Guest

    Hi all,
    I have done the following config on an ASA 5505:
    ASA Version 7.2(3)
    !
    hostname FW1
    domain-name STJOHN
    enable password * encrypted
    names
    name 10.6.1.1 GlobalIP
    !
    interface Vlan1
    nameif inside
    security-level 100
    ip address 1.1.8.1 255.255.0.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    ip address GlobalIP 255.255.255.248
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    clock timezone WST -11
    dns server-group DefaultDNS
    domain-name STJOHN
    object-group network CLI2
    network-object host 1.1.8.1
    network-object host GlobalIP
    access-list outside_to_inside extended permit tcp any interface outside eq 50003 log errors
    pager lines 24
    logging enable
    logging asdm errors
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-523.bin
    no asdm history enable
    arp timeout 14400
    nat-control
    global (inside) 1 1.1.0.0-1.1.2.254 netmask 255.0.0.0
    global (outside) 1 interface
    static (inside,outside) tcp interface 50003 1.1.8.10 50003 netmask 255.255.255.255
    access-group outside_to_inside in interface outside
    route outside 0.0.0.0 0.0.0.0 10.6.1.6 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http 1.1.8.10 255.255.255.255 inside
    http 1.1.0.0 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet timeout 5
    ssh timeout 5
    console timeout 0

    !
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    !
    prompt hostname context
    Cryptochecksum:*
    : end
    asdm image disk0:/asdm-523.bin
    no asdm history enable

    With this config, packets sent from the outside interface to IP 10.6.1.1
    are forwarded to inside host 1.1.8.10, and this inside host sends an ACK to
    the sender.

    But when I connect this ASA to our network, the network stops, giving many
    errors like:

    Deny inbound UDP from 1.1.x.x/1041 to 1.1.x.x/161 on interface inside
    Inbound TCP connection denied from 1.1.x.x/1419 to 1.1.x.x/1525 flags RST on interface inside
    Inbound TCP connection denied from 1.1.x.x/1494 to 1.1.x.x/1175 flags RST on interface inside
    Inbound TCP connection denied from 1.1.x.x/49534 to 1.1.x.x/135 flags SYN on interface inside
    Inbound TCP connection denied from 1.1.x.x/139 to 1.1.x.x/4215 flags PSH ACK on interface inside
    Inbound TCP connection denied from 1.1.x.x/1494 to 1.1.x.x/1029 flags PSH ACK on interface inside
    Deny inbound UDP from 1.1.x.x/1032 to 1.1.x.x/53 due to DNS Query


    Any suggestions?
    , Jun 11, 2008
    #1

  2. hinka

    You're missing the NAT statement.
    hinka, Jun 11, 2008
    #2
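
A check for the gap the reply points at, as an added example that is not part of the original thread: it parses PIX/ASA 7.x-style `nat` and `global` lines and reports NAT IDs that have a global pool but no `nat` rule to select traffic for it. The function names are assumptions of this example, and the sample string is constructed from the NAT-related lines of the config posted above.

```python
import re

# Constructed sample: the NAT-related lines from the configuration posted above.
POSTED = """\
nat-control
global (inside) 1 1.1.0.0-1.1.2.254 netmask 255.0.0.0
global (outside) 1 interface
static (inside,outside) tcp interface 50003 1.1.8.10 50003 netmask 255.255.255.255
"""

# Matches "nat (ifc) <id> ..." and "global (ifc) <id> ..."; static lines are ignored.
RULE = re.compile(r"^\s*(nat|global)\s+\((\S+?)\)\s+(\d+)\b")

def parse_nat(config):
    """Return (nat_control, nat_rules, global_pools); the dicts map NAT ID -> interfaces."""
    nat_control = False
    nat_rules, global_pools = {}, {}
    for line in config.splitlines():
        if line.strip() == "nat-control":   # "no nat-control" does not match
            nat_control = True
            continue
        m = RULE.match(line)
        if m:
            kind, ifc, nat_id = m.group(1), m.group(2), int(m.group(3))
            target = nat_rules if kind == "nat" else global_pools
            target.setdefault(nat_id, []).append(ifc)
    return nat_control, nat_rules, global_pools

def orphan_globals(config):
    """NAT IDs that have a global pool but no nat rule with the same ID."""
    _, nat_rules, global_pools = parse_nat(config)
    return {i: ifcs for i, ifcs in global_pools.items() if i not in nat_rules}

def audit(config):
    """Human-readable findings for a config; empty list means nothing flagged."""
    nat_control, nat_rules, _ = parse_nat(config)
    findings = [
        f"global {nat_id} on {', '.join(ifcs)} has no matching 'nat (...) {nat_id}'"
        for nat_id, ifcs in sorted(orphan_globals(config).items())
    ]
    if nat_control and not nat_rules:
        findings.append("nat-control is enabled and no nat rule is defined")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```
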