ssage-
> > From: cisco-nsp-boun...@puck.nether.net
> > [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Tom
> > Sutherland
> > Sent: Friday, February 25, 2011 4:01 PM
> > To: Michael Loether
> > Cc: cisco-nsp@puck.nether.net
> > Subject: Re: [c-nsp]
; Sutherland
> Sent: Friday, February 25, 2011 4:01 PM
> To: Michael Loether
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] ASA 5505 doesn't like itself
>
> as a test, you might try:
>
> icmp permit any inside
> icmp permit any outside
>
> from cisco comm
as a test, you might try:
icmp permit any inside
icmp permit any outside
from cisco command reference:
"To configure access rules for ICMP traffic that terminates at a
adaptive security appliance interface, use the icmp command."
On Thu, 2011-02-17 at 16:53 -0500, Michael Loether wrote:
> I h
> Also assuming that things are plugged in correctly, from the ASA you can ping
> out to the Internet and to internal hosts, yes?
>
> If that doesn't work set up a syslog box and send the logs there, the ASA has
> excellent logging.
>
> Best of luck.
>
> -wil
I gave up and used the 'ol wr e
On Feb 22, 2011, at 7:03 AM, Michael Loether wrote:
> On Feb 17, 2011, at 5:10 PM, Ryan West wrote:
>> Can you post the show runs for the NAT, ACL, access-groups, and interfaces?
>
> Interfaces:
>
> interface Vlan1
> nameif inside
> security-level 100
> ip address 172.19.1.1 255.255.255.0
> !
>
On Feb 17, 2011, at 5:10 PM, Ryan West wrote:
> Can you post the show runs for the NAT, ACL, access-groups, and interfaces?
Interfaces:
interface Vlan1
nameif inside
security-level 100
ip address 172.19.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 64.183.1
On Feb 17, 2011, at 6:27 PM, Michael K. Smith - Adhost wrote:
> global (outside) 1 interface
The global command is no longer supported as of ASA 8.3. Which is what is
causing my problems I believe. Haven't' quite got my herd wrapped around the
new NAT
Mike
f I try to ping my ASA's default route specifying the inside interface
as the path to take out, the ping fails just like yours did.
cjw
Message: 8
> Date: Thu, 17 Feb 2011 14:53:04 -0700
> From: Michael Loether
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] ASA 5505 doesn
nal Message-
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Pete Lumbis
> Sent: Thursday, February 17, 2011 4:45 PM
> To: Michael Loether
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] ASA 5505 doesn't like itsel
You can't ping like that. You can ping from the inside interface to
the outside, and vice versa. You can test traffic from the inside by
pinging the outside interface for example. There is no way to change
this behavior.
Also ICMP is IP, "permit ip any" will allow ICMP.
The only other thing is th
Can you post the show runs for the NAT, ACL, access-groups, and interfaces?
Sent from handheld
On Feb 17, 2011, at 6:54 PM, "Michael Loether" wrote:
> On Feb 17, 2011, at 4:04 PM, Michael Balasko wrote:
>> Not sure what version of code you are on, but two things. Pre 8.3 code with
>> nat cont
On Feb 17, 2011, at 4:04 PM, Michael Balasko wrote:
> Not sure what version of code you are on, but two things. Pre 8.3 code with
> nat control enabled, you need Fixup protocol icmp and you probably need a
> global statement to match the nat statement. Your nat looks more like a
> static stateme
what does show xlate show?
I'm guessing it's a Nate issue.
Scott
On Thu, Feb 17, 2011 at 1:53 PM, Michael Loether wrote:
> I have a ASA 5505 I am setting up at a small branch office. Working
> towards a site to site VPN but first I need to get it to talk to itself.
> Traffic is not passing f
I have a ASA 5505 I am setting up at a small branch office. Working towards a
site to site VPN but first I need to get it to talk to itself. Traffic is not
passing from inside to outside.
interface Vlan1
nameif inside
security-level 100
ip address 172.19.1.1 255.255.255.0
!
interface Vla
14 matches
Mail list logo