Cisco ASA 5505 causing network down

Hi all, I have done the following config on an ASA 5505:

ASA Version 7.2(3)
!
hostname FW1
domain-name STJOHN
enable password * encrypted
names
name 10.6.1.1 GlobalIP
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 1.1.8.1 255.255.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address GlobalIP 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone WST -11
dns server-group DefaultDNS
 domain-name STJOHN
object-group network CLI2
 network-object host 1.1.8.1
 network-object host GlobalIP
access-list outside_to_inside extended permit tcp any interface outside eq 50003 log errors
pager lines 24
logging enable
logging asdm errors
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
nat-control
global (inside) 1 1.1.0.0-1.1.2.254 netmask 255.0.0.0
global (outside) 1 interface
static (inside,outside) tcp interface 50003 1.1.8.10 50003 netmask 255.255.255.255
access-group outside_to_inside in interface outside
route outside 0.0.0.0 0.0.0.0 10.6.1.6 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 1.1.8.10 255.255.255.255 inside
http 1.1.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
!
prompt hostname context
Cryptochecksum:*
: end
asdm image disk0:/asdm-523.bin
no asdm history enable

With this config, packets sent from the outside interface to IP 10.6.1.1 are forwarded to inside host 1.1.8.10, and this inside host sends an ack to the sender.

But when I connect this ASA to our network, the network stops, giving many errors like:

Deny inbound UDP from 1.1.x.x/1041 to 1.1.x.x/161 on interface inside
Inbound TCP connection denied from 1.1.x.x/1419 to 1.1.x.x/1525 flags RST on interface inside
Inbound TCP connection denied from 1.1.x.x/1494 to 1.1.x.x/1175 flags RST on interface inside
Inbound TCP connection denied from 1.1.x.x/49534 to 1.1.x.x/135 flags SYN on interface inside
Inbound TCP connection denied from 1.1.x.x/139 to 1.1.x.x/4215 flags PSH ACK on interface inside
Inbound TCP connection denied from 1.1.x.x/1494 to 1.1.x.x/1029 flags PSH ACK on interface inside
Deny inbound UDP from 1.1.x.x/1032 to 1.1.x.x/53 due to DNS Query

Any suggestions?

pravin21971