
ASA 5510 communication between inside interfaces (same security level)

Status
Not open for further replies.

Dsaldana2880

IS-IT--Management
Jun 14, 2012
1
US

All

I am lost already. I have been reading a lot of fixes and suggestions to fix my problem, but I still cannot make it work. I have an ASA 5510 that has two inside interfaces and one outside.

When I try to ping the inside 1 interface to the gateway of interface 2 or vice versa, it does not allow me. Please help!!!

Here is my configuration:

: Saved
:
ASA Version 8.2(1)
!
hostname OR-FW-01
enable password nF1ewpJIfsOH9CKy encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names

name 10.100.110.0 AUS-CORP-MRK1 description AUS-CORP-MRK1
!
interface Ethernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 217.220.27.26 255.255.255.0
!
interface Ethernet0/1
nameif Inside
security-level 100
ip address 10.100.1.1 255.255.255.0
!
interface Ethernet0/2
description Meraki Network
nameif Meraki
security-level 100
ip address 10.100.113.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service RDP tcp
port-object eq 3389

access-list Inside_nat0_outbound extended permit ip any 192.168.156.0 255.255.255.224
access-list Inside_nat0_outbound extended permit ip 10.100.1.0 255.255.255.0 10.100.113.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 10.100.1.0 255.255.255.0 AUS-CORP-MRK1 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any any eq 3389
access-list outside_access_in remark TS Services
access-list outside_access_in extended permit tcp any host 207.200.18.35 eq https
access-list outside_access_in extended permit icmp any any
access-list Meraki_nat0_outbound extended permit ip 10.100.113.0 255.255.255.0 AUS-CORP-MRK1 255.255.255.0
access-list Meraki_nat0_outbound extended permit ip 10.100.113.0 255.255.255.0 10.100.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu Inside 1500
mtu Meraki 1500
mtu management 1500
ip local pool RAS_POOL 192.168.156.1-192.168.156.20 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (outside) 1 192.168.156.0 255.255.255.0
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 0.0.0.0 0.0.0.0
nat (Meraki) 0 access-list Meraki_nat0_outbound
nat (Meraki) 1 0.0.0.0 0.0.0.0
static (Inside,Meraki) 10.100.113.0 10.100.113.0 netmask 255.255.255.0
static (Meraki,Inside) 10.100.1.0 10.100.1.0 netmask 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 217.220.27.25 1
route Meraki AUS-CORP-MRK1 255.255.255.0 10.100.113.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Acmo-Radius protocol radius
aaa-server Acmo-Radius (Inside) host 10.100.1.10
key OSDVII
radius-common-pw OSDVII
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 Inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 Inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.100.1.200-10.100.1.239 Inside
dhcpd dns 10.100.1.10 10.100.1.11 interface Inside
dhcpd domain acmo.local interface Inside
dhcpd enable Inside
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept


!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:e48637ac8c715f064e6a6c6fbc14f754
: end

What am I doing wrong???

Thanks for your help
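
A consistency check on the two `static` lines in the configuration above, added here as an example and not part of the original post. It assumes the ASA 8.2 form `static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask` and reports statics whose real network is not the connected subnet of the real interface; the function names are hypothetical, and the check does not by itself establish why the ping fails.

```python
import ipaddress
import re

# Constructed excerpt: interface and static lines copied from the posted config.
CONFIG = """\
interface Ethernet0/1
nameif Inside
ip address 10.100.1.1 255.255.255.0
!
interface Ethernet0/2
nameif Meraki
ip address 10.100.113.1 255.255.255.0
!
static (Inside,Meraki) 10.100.113.0 10.100.113.0 netmask 255.255.255.0
static (Meraki,Inside) 10.100.1.0 10.100.1.0 netmask 255.255.255.0
"""

def interface_networks(config):
    """Map each nameif to the connected network from its 'ip address' line."""
    nets, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None  # new interface block, nameif not seen yet
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif line.startswith("ip address ") and name:
            _, _, addr, mask = line.split()[:4]
            nets[name] = ipaddress.ip_interface(f"{addr}/{mask}").network
    return nets

# Assumed syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)")

def mismatched_statics(config):
    """Return statics whose real network is not on the real interface's subnet."""
    nets = interface_networks(config)
    findings = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        real_if, _mapped_if, _mapped_ip, real_ip, mask = m.groups()
        real_net = ipaddress.ip_network(f"{real_ip}/{mask}")
        connected = nets.get(real_if)
        if connected is None or not real_net.subnet_of(connected):
            findings.append((line.strip(), real_if, str(real_net), str(connected)))
    return findings

if __name__ == "__main__":
    for line, ifc, real, connected in mismatched_statics(CONFIG):
        print(f"{line}\n  real network {real} is not on {ifc} ({connected})")
```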
 