
asa5505 ... cant set up a route ??


  • asa5505 ... cant set up a route ??

    Hi — I wonder if anyone can help me; I'm at a total loss.

    I have connected an isolated network, 10.0.9.x, to port 2 (Ethernet0/2, VLAN 22). It is completely separate from my other network and no routes exist between the two.
    I simply want RDP access to a machine on it. Internet access from that network works, but when I run an open-port check against the external address ending in .251, the ASA sees the hit and then does not forward any traffic.
    Port 2 on the ASA simply plugs into a basic hub with two computers on the other end.

    If I come in on .252 from outside, this works and reaches the other machine (which sits on the inside network).

    But it does not work when I come in on .251.

    Could someone please take a look at the config and tell me what I am doing wrong? Am I missing a route somewhere?


    ! --- Layer-2 switch ports ----------------------------------------------------
    ! Eth0/0 -> VLAN 2 (outside); Eth0/2 -> VLAN 22 (linnaeus, the isolated
    ! 10.0.9.0/24 hub); Eth0/4-0/5 -> VLAN 12 (public-wifi).
    ! NOTE(review): ports with no "switchport access vlan" (0/1, 0/3, 0/6, 0/7)
    ! normally belong to VLAN 1 = "inside" on a 5505, so every spare jack is a
    ! live port on the trusted LAN. Shut them down or park them in an unused VLAN
    ! if that is not intended -- confirm with "show switch vlan".
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    switchport access vlan 22
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    switchport access vlan 12
    !
    interface Ethernet0/5
    switchport access vlan 12
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    ! --- Layer-3 VLAN interfaces -------------------------------------------------
    ! Trusted LAN (VLAN 1). The static routes for 10.0.2-5.0/24 and
    ! 192.168.10.0/24 point back through 10.0.1.100 on this interface.
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.0.1.254 255.255.255.0
    !
    ! Internet side. Public block 81.41.242.248/29: .249 is the ASA itself,
    ! .254 is the ISP gateway; the statics further down use .251 and .252.
    interface Vlan2
    nameif outside
    security-level 0
    ip address 81.41.242.249 255.255.255.248
    !
    ! Guest wireless. security-level 100 is the SAME as inside and linnaeus: the
    ! ASA drops traffic between same-security interfaces unless
    ! "same-security-traffic permit inter-interface" is configured, and that
    ! command is not in the posted config. That implicit drop -- not an ACL -- is
    ! all that keeps this interface's permit-ip-any-any ACL off the trusted LAN,
    ! so do not enable same-security traffic without first giving public-wifi a
    ! restrictive access-group (or lowering its security-level).
    interface Vlan12
    nameif public-wifi
    security-level 100
    ip address 192.168.8.254 255.255.255.0
    !
    ! Isolated network behind the hub on Eth0/2. 10.0.9.0/24 is DIRECTLY
    ! CONNECTED here, not on "inside": any static/NAT that targets a 10.0.9.x
    ! host must be written against this interface ("linnaeus"), and hosts on it
    ! need 10.0.9.100 as their default gateway for return traffic.
    interface Vlan22
    nameif linnaeus
    security-level 100
    ip address 10.0.9.100 255.255.255.0
    !
    ftp mode passive
    clock timezone GMT/BST 0
    clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
    ! Name resolution for the ASA itself (e.g. "name" lookups, ASDM) goes to the
    ! internal server 10.0.1.2.
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server 10.0.1.2
    domain-name willows.local
    ! --- Network object-groups ---------------------------------------------------
    ! EPA1..EPA12, FUJI/FUJI2/FUJI3, curtis, ldaps-1, LDAPS-2..4 and MIKETEST are
    ! "name" aliases; the "name" statements are not in the posted excerpt, so the
    ! addresses they stand for cannot be reviewed here.
    object-group network EPA
    description Email Systems IP Ranges
    network-object EPA3 255.255.255.0
    network-object EPA1 255.255.255.240
    network-object EPA2 255.255.255.192
    network-object EPA9 255.255.248.0
    network-object EPA10 255.255.254.0
    network-object EPA11 255.255.254.0
    network-object EPA12 255.255.254.0
    network-object EPA4 255.255.240.0
    network-object EPA8 255.255.248.0
    network-object EPA5 255.255.240.0
    network-object EPA6 255.255.248.0
    network-object EPA7 255.255.248.0
    ! --- Service object-groups ---------------------------------------------------
    ! Naming here is misleading, which makes the ACLs below hard to review:
    !  * "RDP" contains 3386, not the RDP default 3389 (3389 lives in r3389).
    !  * "VNC" contains 3386-3389 -- RDP-range ports, not VNC; 5900 is in
    !    fujIrequest instead.
    !  * "oayrollpc" is presumably a typo for payrollpc (see its description).
    ! Of the service groups only r3389, DM_INLINE_SERVICE_1, fujIrequest,
    ! oayrollpc and port1433 are referenced by the access-lists in this excerpt;
    ! RDP, VNC, rdp2, https_and_6001 and port1433single appear unused and are
    ! candidates for removal.
    object-group service RDP tcp
    description Remote Desktop
    port-object eq 3386
    object-group service VNC tcp
    description VNC Viewer
    port-object eq 3386
    port-object eq 3387
    port-object eq 3388
    port-object eq 3389
    ! Hosts granted "permit ip" (every protocol/port) to the public block by
    ! outside_access_in -- see the remark there.
    object-group network Fuji
    network-object host FUJI2
    network-object host FUJI
    network-object host FUJI3
    network-object host curtis
    ! Permitted sources for inbound LDAPS. Mixes single hosts with /22, /21 and
    ! /24 ranges; "MIKETEST" reads like a leftover test entry -- confirm it is
    ! still required, since each entry here can reach the directory service.
    object-group network EPA-LDAP
    description LDAP auth for EPA
    network-object host 176.34.228.109
    network-object host 176.34.228.117
    network-object host 176.34.228.121
    network-object host 176.34.228.76
    network-object host 46.137.116.147
    network-object ldaps-1 255.255.252.0
    network-object LDAPS-2 255.255.248.0
    network-object LDAPS-3 255.255.255.0
    network-object LDAPS-4 255.255.255.0
    network-object MIKETEST 255.255.255.0
    ! Unreferenced in this excerpt (nests the 3386 "RDP" group plus 3385/443).
    object-group service rdp2 tcp
    group-object RDP
    port-object eq 3385
    port-object eq https
    ! The group actually used for the Internet-facing RDP ACEs.
    object-group service r3389 tcp
    port-object eq 3389
    ! Unreferenced in this excerpt.
    object-group service https_and_6001 tcp
    port-object eq 6001
    port-object eq 6002
    port-object eq 6003
    port-object eq 6004
    port-object eq https
    ! Opened from ANY source to the whole public /29 by outside_access_in; note
    ! it includes 5900 (VNC) and 3387.
    object-group service fujIrequest tcp
    port-object eq 2837
    port-object eq 2861
    port-object eq 2876
    port-object eq 2898
    port-object eq 3011
    port-object eq 3030
    port-object eq 5900
    port-object eq 3387
    object-group service oayrollpc tcp
    description payrollpc
    port-object eq 3375
    ! MS SQL Server. Referenced only by an inactive ACE, but a separate ACE below
    ! opens tcp/1433 from any to the whole /29 regardless.
    object-group service port1433 tcp
    port-object eq 1433
    ! Unreferenced in this excerpt.
    object-group service port1433single
    service-object tcp eq 1433
    ! ASDM-generated group: tcp+udp 80 and tcp 443.
    object-group service DM_INLINE_SERVICE_1
    service-object tcp-udp eq www
    service-object tcp eq https
    ! --- outside_access_in: what the Internet may reach --------------------------
    ! The public block is 81.41.242.248/29 (interface Vlan2). Two ACEs below use
    ! 81.71.242.x instead, which is outside that block and so matches nothing --
    ! either a transcription slip in the post or a live typo; verify on the box.
    access-list outside_access_in remark Allow SMTP access from EPA
    ! NOTE(review): 81.71 -- see above. If the running config really says 81.71,
    ! inbound SMTP from EPA is not being permitted by this ACE.
    access-list outside_access_in extended permit tcp object-group EPA host 81.71.242.253 eq smtp
    access-list outside_access_in remark Allow LDAPS access from EPA
    ! LDAPS from the EPA-LDAP sources to the whole /29. The plain-LDAP variant
    ! is correctly left inactive (cleartext credentials).
    access-list outside_access_in extended permit tcp object-group EPA-LDAP 81.41.242.248 255.255.255.248 eq ldaps
    access-list outside_access_in extended permit tcp object-group EPA-LDAP 81.41.242.248 255.255.255.248 eq ldap inactive
    access-list outside_access_in remark RDP
    ! RDP (3389) open to ANY source on both .252 and .251. Internet-facing RDP is
    ! a standing brute-force / credential-stuffing target; restrict the source to
    ! known addresses or put it behind the VPN, and keep NLA on the hosts.
    ! The .251 ACE itself is fine: the log in #2 shows the connection being built
    ! and then torn down, so the .251 failure lies in the static translation.
    access-list outside_access_in extended permit tcp any host 81.41.242.252 object-group r3389
    access-list outside_access_in extended permit tcp any host 81.41.242.251 object-group r3389
    ! HTTP (tcp and udp 80) and HTTPS from anywhere to every address in the /29.
    ! No static for 80/443 appears in the excerpt, so this may be dead; if it is
    ! still needed, pin it to the one translated host.
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any 81.41.242.248 255.255.255.248
    access-list outside_access_in remark VPN
    ! GRE here plus the pptp/gre ACEs further down: presumably a PPTP VPN.
    ! PPTP's MS-CHAPv2 authentication is broken (captured handshakes can be
    ! cracked offline); replace it with IPsec/IKEv2 or AnyConnect and retire
    ! these three ACEs.
    access-list outside_access_in extended permit gre any 81.41.242.248 255.255.255.248
    access-list outside_access_in remark Fuji RDP access to Synapse Server
    ! "permit ip" -- every protocol and port, not just RDP as the remark says --
    ! and again to 81.71.x rather than 81.41.x. Narrow to tcp/3389 toward the
    ! one translated host and fix the address.
    access-list outside_access_in extended permit ip object-group Fuji 81.71.242.248 255.255.255.248
    access-list outside_access_in remark GE
    ! IKE from a single peer to .252 (site-to-site tunnel; cf. outside_2_cryptomap).
    access-list outside_access_in extended permit udp host 195.177.212.157 host 81.41.242.252 eq isakmp
    access-list outside_access_in extended permit tcp any 81.41.242.248 255.255.255.248 eq pptp
    access-list outside_access_in extended permit gre any host 81.41.242.253
    ! fujIrequest includes 5900 (VNC) and 3387, from any source to the whole /29
    ! -- VNC is exposed to the Internet alongside RDP.
    access-list outside_access_in extended permit tcp any 81.41.242.248 255.255.255.248 object-group fujIrequest
    access-list outside_access_in extended permit tcp any 81.41.242.248 255.255.255.248 object-group oayrollpc inactive
    ! The 1433 ACE scoped to .253 is inactive, but the line after it opens
    ! tcp/1433 (MS SQL Server) from ANY source to the whole /29. Internet-facing
    ! SQL Server is a critical exposure (password brute force, then code
    ! execution via the database); remove it, or restrict it to specific client
    ! addresses and the one target host, and check the server's logs for
    ! failed-login noise.
    access-list outside_access_in extended permit tcp any host 81.41.242.253 object-group port1433 inactive
    access-list outside_access_in extended permit tcp any 81.41.242.248 255.255.255.248 eq 1433
    ! --- inside_access_in: no egress filtering ------------------------------------
    access-list inside_access_in extended permit gre any any
    access-list inside_access_in extended permit ip any any
    ! --- NAT exemption (nat 0) for VPN traffic ------------------------------------
    access-list inside_nat0_outbound extended permit ip 10.0.1.0 255.255.255.0 192.168.10.0 255.255.255.0
    access-list inside_nat0_outbound remark VLAN6
    access-list inside_nat0_outbound extended permit ip 10.0.2.0 255.255.255.0 192.168.10.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 10.0.3.48 255.255.255.240 150.2.0.0 255.255.0.0
    ! 10.0.1.192/26 covers the remote-access VPN pool (10.0.1.220-.230).
    access-list inside_nat0_outbound extended permit ip any 10.0.1.192 255.255.255.192
    ! Interesting traffic for the site-to-site tunnel (crypto map not in excerpt).
    access-list outside_2_cryptomap extended permit ip 10.0.3.48 255.255.255.240 150.2.0.0 255.255.0.0
    ! Guest wireless may send anything anywhere. Only the same-security implicit
    ! drop (see interface Vlan12) keeps this away from inside/linnaeus; tighten
    ! it to deny the internal RFC1918 ranges before the permit.
    access-list public-wifi_access_in extended permit ip any any
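    pager lines 24
    ! Logging goes only to ASDM at informational. Nothing in the excerpt sends
    ! syslog to a collector or keeps a buffer, so the Internet-facing RDP/VNC/SQL
    ! ACEs have no audit trail once ASDM is closed. Add "logging buffered" and a
    ! "logging host" at minimum.
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu public-wifi 1500
    mtu linnaeus 1500
    ! Remote-access VPN pool, carved out of the inside /24 and NAT-exempted by
    ! inside_nat0_outbound (10.0.1.192/26).
    ip local pool VPN 10.0.1.220-10.0.1.230 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any echo-reply outside
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp timeout 14400
    ! --- NAT (pre-8.3 syntax) ----------------------------------------------------
    ! Everything from inside, public-wifi and linnaeus is PATed behind the outside
    ! interface address (.249), except inside flows matching inside_nat0_outbound.
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (public-wifi) 1 0.0.0.0 0.0.0.0
    nat (linnaeus) 1 0.0.0.0 0.0.0.0
    ! Port forward .252:3389 -> WillowsTS:3389 ("name" alias on the inside LAN).
    static (inside,outside) tcp 81.41.242.252 3389 WillowsTS 3389 netmask 255.255.255.255
    ! FIX: 10.0.9.9 lives on "linnaeus" (Vlan22, 10.0.9.0/24), not on "inside".
    ! The original "static (inside,outside)" told the ASA to deliver the
    ! translated flow via the inside interface, where 10.0.9.9 has no route and
    ! no ARP entry -- hence "Teardown ... to inside:10.0.9.9/3389 ... No valid
    ! adjacency" in the log. Naming the correct interface is the whole fix; no
    ! extra route is needed because 10.0.9.0/24 is directly connected there.
    ! After applying, run "clear xlate" so any stale translation is rebuilt, and
    ! make sure 10.0.9.9's default gateway is 10.0.9.100 (the ASA's linnaeus
    ! address) or the return traffic will not come back through the firewall.
    static (linnaeus,outside) tcp 81.41.242.251 3389 10.0.9.9 3389 netmask 255.255.255.255
    ! linnaeus has no access-group: traffic leaving it follows the default
    ! higher-to-lower security rule, and inbound Internet traffic to 10.0.9.9 is
    ! governed solely by outside_access_in (tcp/3389 from any).
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    access-group public-wifi_access_in in interface public-wifi
    ! Default route to the ISP; the other internal subnets sit behind the router
    ! at 10.0.1.100 on inside. Nothing is needed for 10.0.9.0/24 -- it is a
    ! connected route on linnaeus.
    route outside 0.0.0.0 0.0.0.0 81.41.242.254 1
    route inside 10.0.2.0 255.255.255.0 10.0.1.100 1
    route inside 10.0.3.0 255.255.255.0 10.0.1.100 1
    route inside 10.0.4.0 255.255.255.0 10.0.1.100 1
    route inside 10.0.5.0 255.255.255.0 10.0.1.100 1
    route inside 192.168.10.0 255.255.255.0 10.0.1.100 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    nac-policy DfltGrpPolicy-nac-framework-create nac-framework
    reval-period 36000
    sq-period 300
    ! Management authentication uses the local user database for both SSH and
    ! telnet. Whether a "telnet" access line exists is not in the excerpt; if one
    ! does, remove it (telnet is cleartext) and allow "ssh" from management
    ! hosts only.
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    ! ASDM/HTTPS management from inside only. 10.0.0.0/24 is neither connected
    ! nor routed on this box (looks stale), and the 10.0.1.0/24 entry already
    ! subsumes the single-host 10.0.1.2 line; reduce this to the management
    ! host(s).
    ! NOTE(review): the 5505 platform and this pre-8.3 code train are long past
    ! vendor support -- confirm the running version and plan the replacement,
    ! especially with the Internet-facing services above.
    http server enable
    http 10.0.1.2 255.255.255.255 inside
    http 10.0.0.0 255.255.255.0 inside
    http 10.0.1.0 255.255.255.0 inside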


    Thanks
    Mike

  • #2
    Not sure if anyone can help, but when I look in the ASA log the packet comes in and the connection is immediately torn down with the following message (note the egress interface it names):

    6 Aug 04 2016 09:51:41 82.32.89.30 64148 10.0.9.9 3389 Teardown TCP connection 270840007 for outside:82.32.89.30/64148 to inside:10.0.9.9/3389 duration 0:00:00 bytes 0 No valid adjacency



    • #3
      By default, when you create a new network on an ASA you cannot ping it and get a reply; it reports "no route to host" because the routing-table entry has not been built yet. You need to connect at least one host to the network so the interface comes up, and then the route-table entry will appear. (In this case, though, the teardown in #2 shows the flow being built towards `inside:10.0.9.9` while 10.0.9.0/24 is connected on the `linnaeus` VLAN, which points at the `static (inside,outside)` binding rather than at a missing route.)

