
Newbie here!! About ACL issue

Status
Not open for further replies.

tanlccc

Programmer
Jul 5, 2011
3
Trying to configure the following CISCO ASA5510 (8.3.1 version) interfaces:

> interface Ethernet0/0
> nameif OUTSIDE
> security-level 0
> ip address 192.168.152.248 255.255.255.0

> interface Management0/0
> nameif MGMT
> security-level 100
> ip address 192.168.158.248 255.255.255.0


I cannot 'ping' 192.168.152.248 via MGMT interface? How come?

Do I need to create an access-list and static NAT? What else do I need to ensure in the configuration?



 
So.. are you sitting behind the management interface??

If so, that means you are trying to send packets to the interface, then to 192.168.152.248 and then you want a reply.

So.. you are going from a security level of 100 to 0 and then back to 100.

I think the return trip is where the trap is.

You need an access-list to allow packets to go from interface outside to inside..

I'm kinda new at this, but I have gotten my IPv4 unit to work.
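The return-trip problem described in the reply above, as an added configuration sketch that is not part of the original thread: it shows two common ways to let echo replies from hosts beyond OUTSIDE back to the 192.168.158.0/24 network behind MGMT. The ACL name `OUTSIDE_IN` is hypothetical, and option 1 assumes the default `global_policy` and `inspection_default` class are still present on the unit.

```cisco
! Added example, not from the thread. Use ONE of the two options.
!
! Option 1 (narrower): track ICMP statefully, so only replies that match
! an echo request sent from the higher-security side are let back in.
! Assumes the factory-default global_policy is still applied.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Option 2 (static): permit specific ICMP reply types inbound on OUTSIDE.
! OUTSIDE_IN is a hypothetical ACL name. Only the reply types needed for
! ping and traceroute are listed; "permit icmp any any" would also admit
! unsolicited echo requests from the security-level 0 side.
access-list OUTSIDE_IN extended permit icmp any 192.168.158.0 255.255.255.0 echo-reply
access-list OUTSIDE_IN extended permit icmp any 192.168.158.0 255.255.255.0 time-exceeded
access-list OUTSIDE_IN extended permit icmp any 192.168.158.0 255.255.255.0 unreachable
access-group OUTSIDE_IN in interface OUTSIDE
!
! Check what is applied and watch the hit counters while pinging:
show run policy-map
show access-list OUTSIDE_IN
```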

 
Hmmm. Actually, after thinking about it, I remember I could not ping all interfaces of my Pix/ASA. I think I could ping outside the interface of my firewall, but not the actual interfaces themselves (the outside interface I am talking about). I think I could ping the inside interface from behind the inside interface and I could ping any other interface outside of the Pix, whether it was something in the DMZ or elsewhere, but not the interfaces directly.

Something like that.

Try to put something on the outside of the outside interface as a target to ping. Then establish a route command to get there.

route outside 0.0.0.0 0.0.0.0 192.168.152.148 1.

I do have a question for you. Since you have an ASA with OS version 8.3.1, are there any routing protocols built in to the unit?

The easiest way I got my unit to work was I fixed my ACLs and set up EIGRP or OSPF. After that (a routing command was still set up) all worked and my entire IPv4 network could see everything (the networks behind each interface on the ASA, so long as there was a router behind those ports. In my case, I have this situation).

I actually want to know if there is OSPF v3 on the ASA which works with IPV6. Thanks
 
Hi UltraZero,

You are right that I can't ping the interfaces of the firewall devices.

I have set up the network such that a router is connected to the outside interface of the firewall device. I can now ping the router from the host machine that is connected to the inside interface of the firewall device.

Previously, I couldn't do that because I did not enable ip routing in my router ;)
 
Yea. I went through that. I wish Cisco kept developing the Pix and the software. I think the product is pretty useful. Maybe they should have made a lower line of product like the Pix and an upper line like the ASA.

I'm still amazed no routing protocols are on the Pix.

This is part of my problem.

Anyway, good to hear you got that working.

I take it you can get traffic out of the management interface, correct?

 