8344 Views, 26 Replies. Latest reply: Aug 5, 2011 8:23 AM by Keith Barker - CCIE RS/Security, CISSP

ASA 5505 and NAT

Jul 28, 2011 1:33 AM

David 16 posts since
Jul 28, 2011

Hello,

 

I've a problem with my ASA5505. The ASA is connected to my network through Easy VPN; the connection works, but I don't have traffic from my network to the LAN inside the ASA, while from the inside ASA LAN to my network it's working. The topology is:

Lan -> ASA 5505 -> DSL router -> Corporate FW -> Corporate Network

Here is the ASA config:

ASA Version 8.2(5)
!
hostname ciscoasa
names
name 192.168.0.0 DMZ
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 172.33.0.254 255.255.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.1.2 255.255.255.0
!
boot system disk0:/asa825-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name red.rba.es
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any any eq telnet
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 172.33.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint _SmartCallHome_ServerCA
 crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
  quit
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface outside
vpnclient server ***.***.***.***
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup ***** password *****
vpnclient username ***** password *****
vpnclient management clear
vpnclient enable
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
!
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
!
prompt hostname context
call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:0c370294605e29c4b9926f7669439e40
: end
asdm image disk0:/asdm-645.bin
asdm location DMZ 255.255.255.0 inside
no asdm history enable

 

DSL inside IP: 192.168.1.1

DSL outside IP: 83.107.25.45

Can you help me please? Tell me if you need anything else.

Sorry for my English.

 

Thanks, David
