CISCO ASA 5520 isn't working


  • CISCO ASA 5520 isn't working

    Hello all,

    Have a good day!

    Before describing the problem, have a brief look at my network diagram. I have an INSIDE ( and a DMZ ( My OUTSIDE interface ( is directly connected to a Linux PC ( which acts as a router.

    Its other interface IP is , which is connected to another CISCO ASA 5520 ( and this firewall is connected to the OFFICE_LAN and WAN.

    My objective is that from INSIDE ( and DMZ ( we want to access the OFFICE_LAN (billing and other applications) and the WAN behind the CISCO ASA 5520 ( firewall. And from the OFFICE_LAN we want to have access (e.g. ping, remote desktop, ICMP, WWW) to the INSIDE and DMZ zones.

    Here is the current configuration:

    FW# sh running-config
    : Saved
    ASA Version 7.0(
    hostname FW
    domain-name default.domain.invalid
    enable password 2KFQnbNIdI.2KYOU encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted

    interface GigabitEthernet0/0
    description WAN_Interface
    duplex full
    nameif outside
    security-level 0
    ip address

    interface GigabitEthernet0/1
    description LAN_Interface
    duplex full
    nameif inside
    security-level 100
    ip address

    interface GigabitEthernet0/2
    description DMZ_Interface
    duplex full
    nameif dmz
    security-level 100
    ip address

    interface GigabitEthernet0/3
    no nameif
    no security-level
    no ip address

    interface Management0/0
    nameif management
    security-level 100
    ip address

    ftp mode passive
    dns domain-lookup outside
    dns name-server
    dns name-server
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list 101 extended permit ip any any
    access-list 102 extended permit ip any any
    access-list 103 extended permit ip any any
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    mtu management 1500
    no failover
    asdm image disk0:/asdm-508.bin
    no asdm history enable
    arp timeout 14400
    access-group 101 in interface outside
    access-group 102 in interface inside
    access-group 103 out interface dmz
    route outside 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http inside
    http management
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    snmp-server enable traps syslog
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet inside
    telnet timeout 5
    ssh inside
    ssh timeout 5
    console timeout 0
    dhcpd address inside
    dhcpd address management
    dhcpd dns
    dhcpd lease 259200
    dhcpd ping_timeout 50
    dhcpd option 3 ip
    dhcpd enable inside
    dhcpd enable management

    class-map inspection_default
    match default-inspection-traffic

    policy-map global_policy
    class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp

    service-policy global_policy global
    : end



    With this config, INSIDE and DMZ communication is OK, but I can't go OUTSIDE; that means I can't ping . In the reverse direction, from the OFFICE_LAN I am able to ping up to (the OUTSIDE of the CISCO ASA 5520). INSIDE and DMZ are not pingable.

    Sorry for the long mail.

    Thanks in Advance

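As an added example that is not part of the original post and not a Cisco tool: a Python script that reads an ASA 7.x-style running-config and flags the points in the posted one that a reviewer would raise: the any/any ACLs bound to interfaces, the inside, DMZ and management interfaces all sitting at security-level 100 while same-security traffic is permitted (so the DMZ is not segmented from the inside at all), Telnet enabled for management, the factory-default password hashes, and the absence of any nat/global/static statements. The config embedded below is a constructed excerpt of the posted one; the post lost its IP addresses, so the excerpt omits them as well and every check keys on keywords only. The severity labels and the parser's list of interface sub-commands are my own choices.

```python
"""Static checks over a Cisco ASA 7.x-style running-config (added example)."""
import re
from collections import defaultdict

# Constructed excerpt of the posted config; IPs were absent from the post.
SAMPLE_CONFIG = """\
hostname FW
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
interface GigabitEthernet0/0
nameif outside
security-level 0
interface GigabitEthernet0/1
nameif inside
security-level 100
interface GigabitEthernet0/2
nameif dmz
security-level 100
interface Management0/0
nameif management
security-level 100
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list 101 extended permit ip any any
access-list 102 extended permit ip any any
access-list 103 extended permit ip any any
access-group 101 in interface outside
access-group 102 in interface inside
access-group 103 out interface dmz
http server enable
telnet inside
telnet timeout 5
ssh inside
"""

# Hash PIX/ASA write when the enable/login password was never set.
DEFAULT_BLANK_HASH = "2KFQnbNIdI.2KYOU"

# Sub-commands that belong to an "interface" block. Matching on these lets
# the parser cope with configs whose indentation was lost (as in the post).
IFACE_SUBCMDS = ("nameif", "security-level", "ip address", "description",
                 "duplex", "speed", "shutdown", "no nameif",
                 "no security-level", "no ip address")


def parse(config):
    """Return (interfaces, acls, bindings, global_lines)."""
    ifaces, acls, binds, glob = {}, defaultdict(list), [], []
    cur = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line[0] in ":!":
            continue
        if line.startswith("interface "):
            cur = {"nameif": None, "level": None}
            continue
        if cur is not None and line.startswith(IFACE_SUBCMDS):
            tok = line.split()
            if tok[0] == "nameif":
                cur["nameif"] = tok[1]
            elif tok[0] == "security-level":
                cur["level"] = int(tok[1])
            if cur["nameif"] and cur["level"] is not None:
                ifaces[cur["nameif"]] = cur["level"]
            continue
        cur = None  # any other keyword ends the interface block
        m = re.match(r"access-list (\S+) (?:extended )?(permit|deny) (.*)", line)
        if m:
            acls[m.group(1)].append((m.group(2), m.group(3)))
            continue
        m = re.match(r"access-group (\S+) (in|out) interface (\S+)", line)
        if m:
            binds.append(m.groups())
            continue
        glob.append(line)
    return ifaces, acls, binds, glob


def check(config):
    """Return a list of (severity, message) findings for the config."""
    ifaces, acls, binds, glob = parse(config)
    out = []
    for acl, direction, nameif in binds:
        if any(a == "permit" and r.startswith("ip any any") for a, r in acls.get(acl, [])):
            # any/any inbound on the lowest-trust interface is the worst case
            sev = "HIGH" if direction == "in" and ifaces.get(nameif) == 0 else "MEDIUM"
            out.append((sev, f"ACL {acl} permits ip any any, bound {direction} on {nameif}"))
        if direction == "out":
            out.append(("INFO", f"ACL {acl} is applied outbound on {nameif}; confirm that "
                                "filtering on the ingress interface was not intended"))
    if "same-security-traffic permit inter-interface" in glob:
        by_level = defaultdict(list)
        for name, level in ifaces.items():
            by_level[level].append(name)
        for level, names in by_level.items():
            if len(names) > 1:
                out.append(("HIGH", f"{', '.join(sorted(names))} share security-level {level} "
                                    "with inter-interface traffic permitted: no segmentation"))
    for line in glob:
        if line.startswith("telnet ") and not line.startswith("telnet timeout"):
            out.append(("HIGH", f"cleartext management enabled: '{line}'"))
        if line.startswith(("enable password ", "passwd ")) and DEFAULT_BLANK_HASH in line:
            out.append(("HIGH", f"factory-default (blank) password: '{line.split()[0]}'"))
    if not any(line.startswith(("nat (", "global (", "static (")) for line in glob):
        if "nat-control" in glob:
            out.append(("HIGH", "nat-control is on but no nat/global/static exist: "
                                "inside and dmz traffic to outside will be dropped"))
        else:
            out.append(("INFO", "no nat/global/static: traffic leaves untranslated, so the "
                                "upstream routers need return routes for inside and dmz"))
    return out


if __name__ == "__main__":
    for severity, message in check(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

Run against the posted config it reports nine findings. The last one is the connectivity point of the thread: with no translation configured the ASA forwards inside and DMZ packets with their original source addresses, so the Linux router and the office ASA must each hold routes back to those subnets (or the edge ASA must NAT them), which is consistent with the office side being able to reach the outside interface but nothing behind it.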

  • #2
    Re: CISCO ASA 5520 isn't working

    1. INSIDE can access OFFICE and INTERNET
    2. DMZ can access OFFICE and INTERNET
    3. INSIDE and DMZ can access each other (all permissive)
    4. OFFICE can access DMZ especially http
    5. OFFICE can access INSIDE's web

    Is there no one out there to help me?


    • #3
      Re: CISCO ASA 5520 isn't working

      resolved by myself.


      • #4
        Re: CISCO ASA 5520 isn't working

        Could you please share your resolution so others can benefit from it.


        • #5
          Re: CISCO ASA 5520 isn't working

          Also your drawing is incomplete.