Cisco ASA 5510 configure 3 inside interfaces without VLAN

blazt3red

MIS
Sep 30, 2012
I have a Cisco ASA 5510 with a base license. I configured the interfaces as follows:
interface 0/0 ----- outside
interface 0/1 ----- DMZ (server)
interface 0/2 ----- inside1
interface 0/3 ----- inside2

inside1 and inside2 can access the DMZ and can view and search the shared files.

On the DMZ we have a FoxPro application. The inside2 to DMZ connection using the FoxPro application functions correctly.

But the inside1 to DMZ connection has an error in the FoxPro application; it states that there is a connection problem. I can browse the database and other shared files, but when we encode data in FoxPro it has an error that the write failed.

I used dynamic NAT from inside1 to DMZ and inside2 to DMZ.

Can anyone help me with this?

Thank you
 
Thank you for the reply.

They are different subnets.

Here are the subnets:

1. 172.16.0.1 255.255.255.0
2. 172.16.1.1 255.255.255.0
3. 172.16.2.1 255.255.255.0

Thank you
 
: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
enable password ****************
passwd **************************
names
name 172.16.0.65 Alex description dep01
name 172.16.1.52 Angie description dep02
name 172.16.1.53 AnnaMae description dep02
name 172.16.0.68 Chris description dep01
name 172.16.1.54 Dang description dep02
name 172.16.1.50 Edna description dep02
name 172.16.0.69 Ethel description dep01
name 172.16.0.63 Florie description dep01
name 172.16.1.56 Girlie description dep02
name 172.16.0.55 Grace description dep01
name 172.16.0.56 Irene description dep01
name 172.16.1.57 Jane description dep02
name 172.16.0.61 Jenny description dep01
name 172.16.0.58 Joan description dep01
name 172.16.1.51 Jovee description dep02
name 172.16.1.61 Julie description dep02
name 172.16.0.59 Julieanne description dep01
name 172.16.1.58 Karen description dep02
name 172.16.0.70 Lara description dep01
name 172.16.1.62 Mae description dep02
name 172.16.0.71 Malou description dep01
name 172.16.1.55 Marlyn description dep02
name 172.16.0.67 Melody description dep01
name 172.16.1.59 Myra description dep02
name 172.16.0.54 NANETTE description dep01
name 172.16.0.60 Nida description dep01
name 172.16.0.66 RomelBo description dep01
name 172.16.0.62 Rose description dep01
name 172.16.0.57 Shiela description dep01
name 172.16.1.60 Shirley description dep02
name 172.16.0.64 Virgie description dep01
name 172.16.1.3 Vivian description dep02
name 172.16.1.64 Zyrell description dep02
name 172.16.1.66 Chin description dep02
name 172.16.1.67 Grethel description dep02
name 172.16.1.65 Marivic description dep02
name 172.16.2.51 Alirose description dep03
name 172.16.0.81 Borland description dep01
name 172.16.2.50 Dennis description dep03
name 172.16.2.61 ITCONS description dep03
name 172.16.0.80 ITFandA description dep01
name 172.16.2.52 Imee description dep03
name 172.16.2.60 InternetCons description dep03
name 172.16.1.80 InternetMktng description dep02
name 172.16.2.54 Melvin description dep03
name 172.16.2.53 Paolo description dep03
!
interface Ethernet0/0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/1
nameif DEPT01
security-level 50
ip address 172.16.0.1 255.255.255.0
!
interface Ethernet0/2
nameif DEPT02
security-level 90
ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0/3
nameif DEPT03
security-level 100
ip address 172.16.2.1 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
regex urllist1 ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt])HTTP/1.[01]"
regex urllist2 ".*\.([Pp][Ii][Ff]|[Vv][Bb][Ss]|[Ww][Ss][Hh])HTTP/1.[01]"
regex urllist3 ".*\.([Zz][Ii][Pp]|[Tt][Aa][Rr]|[Tt][Gg][Zz])HTTP/1.[01]"
regex NBAblock ".*NBA.*"
regex domainlist1 "\.yahoo\.com"
regex domainlist2 "\.myspace\.com"
regex domainlist3 "\.youtube\.com"
regex domainlist4 ".*facebook.*"
regex domainlist5 ".*twitter.*"
regex domainlist6 ".*job.*"
regex domainlist7 ".*workabroad.*"
regex nba ".*nba.*"
regex Urlist4 ".*\.([Dd][Oc][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt])HTTP/1.[01]"
regex applicationheader "application/.*"
regex contenttype "Content-Type"
!
time-range facebook
absolute start 12:00 02 September 2012 end 13:00 02 September 2012
periodic Monday Wednesday Thursday Friday Saturday Sunday 12:00 to 13:59
!
ftp mode passive
clock timezone PHST 8
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network FandA
network-object host NANETTE
network-object host Grace
network-object host Irene
network-object host Shiela
network-object host Joan
network-object host Julieanne
network-object host Nida
network-object host Jenny
network-object host Rose
network-object host Florie
network-object host Virgie
network-object host Alex
network-object host RomelBo
network-object host Melody
network-object host Chris
network-object host Ethel
network-object host Lara
network-object host Malou
network-object host ITFandA
network-object host Borland
object-group network Marketing
network-object host Vivian
network-object host Edna
network-object host Jovee
network-object host Angie
network-object host AnnaMae
network-object host Dang
network-object host Marlyn
network-object host Girlie
network-object host Jane
network-object host Karen
network-object host Myra
network-object host Shirley
network-object host Julie
network-object host Mae
network-object host Zyrell
network-object host Marivic
network-object host Chin
network-object host Grethel
network-object host InternetMktng
object-group network Construction
network-object host Dennis
network-object host Alirose
network-object host Imee
network-object host Paolo
network-object host Melvin
network-object host InternetCons
network-object host ITCONS
object-group service DM_INLINE_SERVICE_1
service-object tcp-udp eq www
service-object tcp eq https
access-list DEPT01_mpc extended permit object-group TCPUDP object-group FandA any eq facebook
access-list DEPT03_mpc extended permit object-group DM_INLINE_SERVICE_1 object-group Construction any
access-list DEPT01_mpc_1 extended permit object-group TCPUDP object-group FandA any eq www
pager lines 24
logging asdm informational
mtu outside 1500
mtu DEPT01 1500
mtu DEPT02 1500
mtu DEPT03 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (DEPT01) 1 interface
nat (DEPT01) 1 172.16.0.0 255.255.255.0
nat (DEPT02) 1 172.16.1.0 255.255.255.0
nat (DEPT03) 1 172.16.2.0 255.255.255.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.16.2.0 255.255.255.0 DEPT03
http 172.16.0.0 255.255.255.0 DEPT01
http 172.16.1.0 255.255.255.0 DEPT02
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface outside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username ARJIE password xiERNslRJCoH/IVk encrypted privilege 15
username MAGD password MTRLD0NC.7FtrUHw encrypted privilege 15
username borland password Gpg9PEIMdpW9o4HL encrypted privilege 15
!
class-map DEPT03-class
match access-list DEPT03_mpc
class-map DEPT01-class
match access-list DEPT01_mpc_1
class-map type regex match-any Urllistblock
match regex urllist2
class-map type inspect http match-all BlockURLClass
match request uri regex class Urllistblock
class-map type regex match-any DomainBlocklist
match regex domainlist3
match regex domainlist2
match regex domainlist1
match regex domainlist4
match regex domainlist5
match regex domainlist6
match regex domainlist7
match regex NBAblock
match regex nba
class-map type inspect http match-all BlockDomainClass
match request header host regex class DomainBlocklist
class-map inspection_default
match default-inspection-traffic
class-map type inspect http match-all AppHeaderClass
match request header regex contenttype regex applicationheader
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map type inspect http HTTP_INSPCTION_POLICY
parameters
protocol-violation action drop-connection
match request method connect
drop-connection log
class AppHeaderClass
drop-connection log
class BlockDomainClass
reset log
class BlockURLClass
reset log
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
policy-map DEPT01-policy
class DEPT01-class
inspect http HTTP_INSPCTION_POLICY
policy-map DEPT03-policy
class DEPT03-class
inspect http HTTP_INSPCTION_POLICY
!
service-policy global_policy global
service-policy DEPT01-policy interface DEPT01
service-policy DEPT03-policy interface DEPT03
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:c849df8fcdf770623800cc8d74d115ff
: end
asdm location NANETTE 255.255.255.255 DEPT03
asdm location Grace 255.255.255.255 DEPT03
asdm location Irene 255.255.255.255 DEPT03
asdm location Shiela 255.255.255.255 DEPT03
asdm location Joan 255.255.255.255 DEPT03
asdm location Julieanne 255.255.255.255 DEPT03
asdm location Nida 255.255.255.255 DEPT03
asdm location Jenny 255.255.255.255 DEPT03
asdm location Rose 255.255.255.255 DEPT03
asdm location Florie 255.255.255.255 DEPT03
asdm location Virgie 255.255.255.255 DEPT03
asdm location Alex 255.255.255.255 DEPT03
asdm location RomelBo 255.255.255.255 DEPT03
asdm location Melody 255.255.255.255 DEPT03
asdm location Chris 255.255.255.255 DEPT03
asdm location Ethel 255.255.255.255 DEPT03
asdm location Lara 255.255.255.255 DEPT03
asdm location Malou 255.255.255.255 DEPT03
asdm location Vivian 255.255.255.255 DEPT03
asdm location Edna 255.255.255.255 DEPT03
asdm location Jovee 255.255.255.255 DEPT03
asdm location Angie 255.255.255.255 DEPT03
asdm location AnnaMae 255.255.255.255 DEPT03
asdm location Dang 255.255.255.255 DEPT03
asdm location Marlyn 255.255.255.255 DEPT03
asdm location Girlie 255.255.255.255 DEPT03
asdm location Karen 255.255.255.255 DEPT03
asdm location Myra 255.255.255.255 DEPT03
asdm location Shirley 255.255.255.255 DEPT03
asdm location Julie 255.255.255.255 DEPT03
asdm location Mae 255.255.255.255 DEPT03
asdm location Zyrell 255.255.255.255 DEPT03
asdm location Jane 255.255.255.255 DEPT03
asdm location Marivic 255.255.255.255 DEPT03
asdm location Chin 255.255.255.255 DEPT03
asdm location Grethel 255.255.255.255 DEPT03
asdm location ITFandA 255.255.255.255 DEPT03
asdm location Borland 255.255.255.255 DEPT03
asdm location InternetMktng 255.255.255.255 DEPT03
asdm location Dennis 255.255.255.255 DEPT03
asdm location Alirose 255.255.255.255 DEPT03
asdm location Imee 255.255.255.255 DEPT03
asdm location Paolo 255.255.255.255 DEPT03
asdm location Melvin 255.255.255.255 DEPT03
asdm location InternetCons 255.255.255.255 DEPT03
asdm location ITCONS 255.255.255.255 DEPT03
no asdm history enable



I attached my configuration. The 3 inside interfaces are communicating with each other, but when we run the FoxPro software it states "invalid seek offset".

Could you please check my config for errors in the NAT?
 
I can ping the server and access shared files.

But when I run the FoxPro application whose database resides on the server, it has an error of "Invalid Seek offset".

Can anyone help me with this? This error occurs on 172.16.1.0, but when I remove the NAT on 172.16.2.0 no error is displayed and it works fine.

Can someone check my configuration to see if there's a problem with it?

Thank you
 
Try one of these solutions:
Code:
static (DEPT03,DEPT02) 172.16.2.0 172.16.2.0 netmask 255.255.255.0
static (DEPT02,DEPT03) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
or
Code:
! ACLs are defined first so the nat 0 lines below can reference them
access-list dept03_nonat extended permit ip 172.16.2.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list dept02_nonat extended permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0

nat (DEPT03) 0 access-list dept03_nonat
nat (DEPT02) 0 access-list dept02_nonat

 
Thank you for the reply.

I already tried the solutions that you suggested; the problem still persists.
 
Try removing this
Code:
global (DEPT01) 1 interface

 
Thanks

OK, I'll try to remove the global (DEPT01) 1 interface,

but if ever I remove it I can go through the Internet

by using my 3 different subnets.

Thank you
 
That command should not keep your devices on the DEPT01 network from reaching the Internet, as you have an existing global (outside) 1 interface command in place.
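
The nat/global ID pairing that the last two replies turn on, as an added example that is not part of the thread: it lists which interface pairs get dynamic PAT in the posted configuration, and again with `global (DEPT01) 1 interface` removed. It models only the ID pairing; security levels, nat-control and access lists are not modelled, and the function names are made up for this example.

```python
import re

# Constructed excerpt: the global/nat lines from the configuration posted above.
CONFIG = """\
global (outside) 1 interface
global (DEPT01) 1 interface
nat (DEPT01) 1 172.16.0.0 255.255.255.0
nat (DEPT02) 1 172.16.1.0 255.255.255.0
nat (DEPT03) 1 172.16.2.0 255.255.255.0
"""

GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)")


def pat_paths(config):
    """Return {(src_if, dst_if): (source_net, mask, mapped)} for every
    interface pair where a nat ID on the source interface meets the same
    global ID on the egress interface (pre-8.3 nat/global pairing)."""
    globals_, nats = [], []
    for line in config.splitlines():
        line = line.strip()
        if m := GLOBAL_RE.match(line):
            globals_.append(m.groups())
        elif m := NAT_RE.match(line):
            nats.append(m.groups())
    paths = {}
    for src_if, nat_id, net, mask in nats:
        if nat_id == "0":  # nat 0 is NAT exemption, never paired with a global
            continue
        for dst_if, glob_id, mapped in globals_:
            if glob_id == nat_id and dst_if != src_if:
                paths[(src_if, dst_if)] = (net, mask, mapped)
    return paths


def drop_line(config, unwanted):
    """Return the config with one exact line removed (models 'no <line>')."""
    kept = [l for l in config.splitlines() if l.strip() != unwanted]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    trimmed = drop_line(CONFIG, "global (DEPT01) 1 interface")
    for label, cfg in (("as posted", CONFIG), ("global (DEPT01) 1 removed", trimmed)):
        print(label)
        for (src, dst), (net, mask, mapped) in sorted(pat_paths(cfg).items()):
            print(f"  {src} -> {dst}: {net} {mask} PAT to {dst} {mapped}")
```

With the posted lines, DEPT02 and DEPT03 traffic toward DEPT01 is PATed to the DEPT01 interface address; after the removal only the three paths to `outside` remain translated.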

 