ASA 5505 Vlan question
Posted
by Wayne
on Server Fault
See other posts from Server Fault
or by Wayne
Published on 2010-06-16T03:37:47Z
Indexed on
2010/06/16
3:43 UTC
Read the original article
Hit count: 287
I am setting up a cisco asa 5505 with the base license. I can communicate from inside->outside, outside->inside, inside->home, which is my desired traffic security. I can get http, ssh, and other access from inside->home, but I can't ping from inside->home (192.168.110.0 host to 192.168.7.1 or 192.168.7.0 host).
Can someone explain. My config is listed below
interface Vlan1<br>
nameif inside<br>
security-level 100<br>
ip address 192.168.110.254 255.255.255.0 <br>
!<br>
interface Vlan2<br>
nameif outside<br>
security-level 0<br>
pppoe client vpdn group birdie<br>
ip address removedIP 255.255.255.255 pppoe <br>
!<br>
interface Vlan3<br>
no forward interface Vlan1<br>
nameif home<br>
security-level 50<br>
ip address 192.168.7.1 255.255.255.0 <br>
! <br>
interface Ethernet0/0<br>
switchport access vlan 2<br>
! <br>
interface Ethernet0/1<br>
! <br>
interface Ethernet0/2<br>
! <br>
interface Ethernet0/3<br>
! <br>
interface Ethernet0/4<br>
switchport access vlan 3<br>
! <br>
interface Ethernet0/5<br>
shutdown <br>
! <br>
interface Ethernet0/6<br>
shutdown <br>
! <br>
interface Ethernet0/7<br>
shutdown <br>
! <br>
ftp mode passive<br>
clock timezone EST -5<br>
clock summer-time EDT recurring<br>
access-list Outside-In extended permit icmp any any <br>
access-list Outside-In extended permit tcp any any eq www <br>
access-list Outside-In extended permit tcp any any eq https <br>
access-list Outside-In extended permit tcp any any eq 5969 <br>
access-list inside_nat0_outbound extended permit ip any 192.168.111.0 255.255.255.224 <br>
access-list standardUser_splitTunnelAcl1 extended permit ip 192.168.111.0 255.255.255.0 any <br>
access-list standardUser_splitTunnelAcl1 extended permit ip 192.168.110.0 255.255.255.0 <br>any
access-list inside_in extended permit icmp any any <br>
access-list inside_in extended permit ip any any <br>
access-list home_in extended permit icmp any any <br>
access-list home_in extended permit ip any any <br>
pager lines 24<br>
logging enable<br>
logging asdm informational<br>
mtu inside 1492<br>
mtu outside 1492<br>
mtu home 1500 <br>
ip local pool vpnuser 192.168.111.5-192.168.111.20<br>
icmp unreachable rate-limit 1 burst-size 1<br>
asdm image disk0:/asdm-524.bin<br>
no asdm history enable<br>
arp timeout 14400<br>
nat-control <br>
global (outside) 1 interface<br>
nat (inside) 0 access-list inside_nat0_outbound<br>
nat (inside) 1 0.0.0.0 0.0.0.0<br>
nat (home) 1 192.168.7.0 255.255.255.0<br>
static (inside,outside) tcp interface https 192.168.110.6 https netmask 255.255.255.255 <br>
static (inside,outside) tcp interface www 192.168.110.6 www netmask 255.255.255.255 <br>
static (inside,outside) tcp interface 5969 192.168.110.12 5969 netmask 255.255.255.255 <br>
static (inside,home) 192.168.110.0 192.168.110.0 netmask 255.255.255.0 <br>
access-group inside_in in interface inside<br>
access-group Outside-In in interface outside<br>
access-group home_in in interface home<br>
route outside 0.0.0.0 0.0.0.0 RemovedIP 1<br>
© Server Fault or respective owner