The ASA is doing Qemu from my laptop, no VM. I reverted back to the config I ran prior to it breaking, still nothing. The funny thing is everything was pinging with no access lists/groups & at some point I restarted GNS3 & it never worked after that.

Remember security level 100 is full protection, so you need to explicitly allow the access, in a few words using ACLs.

Both PCs are able to ping their own gateway.

Then apply them to the access-group like we do on the routers.

```
access-group VLAN-2-IN in interface vlan2
access-group VLAN-3-IN in interface vlan3
```

In order to make it work, you need to create ACLs on the firewall, example:

```
access-list VLAN-2-IN extended permit icmp any any echo
access-list VLAN-2-IN extended permit icmp any any echo-reply
access-list VLAN-2-IN extended permit ip any any
access-list VLAN-3-IN extended permit icmp any any echo
access-list VLAN-3-IN extended permit icmp any any echo-reply
access-list VLAN-3-IN extended permit ip any any
```

Now if you are going to use sub-interfaces you need a switch (with a trunk interface) or router (with the same sub interfaces) facing the firewall. The parent interface should not have any IP addressing or name configured:

```
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:2c391b206dfd8073446c7b05db3d6b73
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group inventory periodic monthly
no threat-detection statistics tcp-intercept
destination address email transport-method http
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
icmp unreachable rate-limit 1 burst-size 1
same-security-traffic permit intra-interface
```

Here is my config.

```
enable password 8Ry2YjIyt7RRXU24 encrypted
```

I know ASA on GNS3 is hit or miss so I've rebooted/started all devices after writing the commands, which has not worked.

"same-security-traffic permit intra-interface" which I was led to believe would allow both networks to talk.

Both PCs can ping their own gateways and I added the command. My problem is I cannot ping from pc1 to pc2. I learned that there are no Cisco switches in GNS3 (whatever.) Anyway I just created two interfaces with IP addresses (LANs) and connected 2 PCs directly to the ASA to fulfill my goals. I created 2 subinterfaces (vlan 2 & 3) with the intention of running a Cisco switch having one PC on one vlan & one PC on the other.