Hi guys, I have configured a Cisco ASA 5505 with two LANs, one for inside (servers) and the other for business (users). I can ping from business to inside hosts and vice versa, and I can authenticate myself in the MS domain only when I connect a PC to the ASA ports with access vlan 3; however, when I connect a switch via a crossover cable to the business interface of the ASA, with PCs connected to this switch, I can ping my servers but I start to lose packets, and I also cannot connect to the domain controller. Is there some mismatch or error in my configuration? Thanks in advance, any help is appreciated.
Here is my configuration:

INFFRW01# sh run
: Saved
:
ASA Version 8.0(3)
!
hostname INFFRW01
domain-name infonet
enable password TKDiZkUkxqC/29zO encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group infonet
 ip address pppoe setroute
!
interface Vlan3
 nameif business
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
 description PCs INFONET LAN
 switchport access vlan 3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd .tmIcdcvUoZGQ9bt encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
clock timezone PEST -5
dns server-group DefaultDNS
 domain-name infonet
same-security-traffic permit inter-interface
object-group network LAN
 description network servers
 network-object 192.168.1.0 255.255.255.0
object-group network Bussiness
 description network PCsINFONET
 network-object 172.16.1.0 255.255.255.0
access-list inside_access_in extended permit ip host 192.168.1.21 any
access-list inside_access_in extended permit ip host 192.168.1.100 any
access-list inside_access_in extended permit ip host 192.168.1.105 any
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq ftp
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq ftp-data
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq smtp
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq pop3
access-list inside_access_in extended permit udp 192.168.1.0 255.255.255.0 any eq domain
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq sqlnet
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq netbios-ssn
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq 445
access-list inside_access_in extended permit icmp 192.168.1.0 255.255.255.0 any echo
access-list inside_access_in extended permit icmp 192.168.1.0 255.255.255.0 any echo-reply
access-list outside_access_in extended permit ip host 64.76.95.138 interface outside
access-list business_access_in extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_access_out extended permit ip any any
access-list business_outbound_nat0_acl extended permit ip object-group Bussiness object-group LAN
access-list inside_outbound_nat0_acl extended permit ip object-group LAN object-group Bussiness
pager lines 24
logging enable
logging timestamp
logging monitor notifications
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu business 1500
ip verify reverse-path interface outside
ip audit name idsattack attack action alarm reset
ip audit name idsinfo info action alarm
ip audit interface outside idsinfo
ip audit interface outside idsattack
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo inside
icmp permit any echo-reply inside
icmp permit host 64.76.95.138 echo outside
icmp permit any echo-reply outside
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0
nat (business) 0 access-list business_outbound_nat0_acl
nat (business) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group business_access_in in interface business
route outside 0.0.0.0 0.0.0.0 192.168.20.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa local authentication attempts max-fail 10
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 5
vpdn group infonet request dialout pppoe
vpdn group infonet localname [EMAIL PROTECTED]
vpdn group infonet ppp authentication chap
vpdn username [EMAIL PROTECTED] password *********
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
!
class-map type inspect im match-all InstantMSN
 match protocol msn-im yahoo-im
!
!
policy-map type inspect im IMBlock
 parameters
 class InstantMSN
  drop-connection log
!
prompt hostname context
Cryptochecksum:cd27619b7d15523a934badb87c74c6f5
: end
INFFRW01# conf t
INFFRW01(config)# exit
INFFRW01#

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
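Added example, not part of the post above and not Cisco code: a small Python audit of the statements that traffic between two same-security interfaces on an ASA 8.x depends on, run against a trimmed copy of the posted configuration. It encodes three rules: two interfaces at the same security-level need `same-security-traffic permit inter-interface`; a flow matched by a dynamic `nat (src) N` with no `global (dst) N` is dropped unless a `nat (src) 0 access-list` exemption covers it; and an `access-group` bound inbound on the source interface admits only what that ACL permits. The parser, the `parse`/`audit_pair` names and the trimmed `SAMPLE_CONFIG` are mine, and the parser handles only the statement forms that appear in the sample. It checks policy only; it says nothing about the physical side (the config sets no speed or duplex on Ethernet0/3, so the port is at auto), which is where a packet-loss symptom that appears only when an external switch is attached would also need to be checked.

```python
# Added example (not from the post or Cisco): audit ASA inter-interface plumbing.
import ipaddress

# Trimmed from the posted configuration (inside/business-related lines only).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Vlan3
 nameif business
 security-level 100
 ip address 172.16.1.1 255.255.255.0
same-security-traffic permit inter-interface
object-group network LAN
 network-object 192.168.1.0 255.255.255.0
object-group network Bussiness
 network-object 172.16.1.0 255.255.255.0
access-list inside_access_in extended permit ip host 192.168.1.21 any
access-list business_access_in extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list business_outbound_nat0_acl extended permit ip object-group Bussiness object-group LAN
access-list inside_outbound_nat0_acl extended permit ip object-group LAN object-group Bussiness
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0
nat (business) 0 access-list business_outbound_nat0_acl
nat (business) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group business_access_in in interface business
"""

def _addr(t, i, og):
    """Consume one ACL address spec at t[i]; return (networks, next index)."""
    if t[i] == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], i + 1
    if t[i] == "host":
        return [ipaddress.ip_network(t[i + 1])], i + 2
    if t[i] == "object-group":
        return og[t[i + 1]], i + 2
    return [ipaddress.ip_network(f"{t[i]}/{t[i + 1]}", strict=False)], i + 2

def parse(text):
    cfg = {"if": {}, "og": {}, "acl": {}, "group": {}, "nat0": {}, "nat": set(),
           "global": set(), "same_sec": False}
    cur = None  # open interface dict, or open object-group name
    for line in filter(str.strip, text.splitlines()):
        t = line.split()
        if not line.startswith(" "):
            cur = None
        if t[0] == "interface":
            cur = {}
        elif t[0] == "object-group":
            cur, cfg["og"][t[2]] = t[2], []
        elif isinstance(cur, dict):  # inside an interface block
            if t[0] == "nameif":
                cfg["if"][t[1]] = cur
            elif t[0] == "security-level":
                cur["level"] = int(t[1])
            elif t[:2] == ["ip", "address"]:
                cur["net"] = ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False)
        elif isinstance(cur, str) and t[0] == "network-object":
            cfg["og"][cur].append(ipaddress.ip_network(f"{t[1]}/{t[2]}", strict=False))
        elif t[0] == "access-list":  # access-list NAME extended ACTION PROTO SRC DST ...
            src, i = _addr(t, 5, cfg["og"])
            if t[i] == "eq":  # skip a source-port qualifier
                i += 2
            dst, i = _addr(t, i, cfg["og"])
            cfg["acl"].setdefault(t[1], []).append((t[3], t[4], src, dst))
        elif t[0] == "access-group":
            cfg["group"][t[4]] = t[1]  # interface -> ACL applied inbound
        elif t[0] == "nat" and t[2] == "0":
            cfg["nat0"][t[1].strip("()")] = t[4]
        elif t[0] == "nat":
            cfg["nat"].add(t[1].strip("()"))
        elif t[0] == "global":
            cfg["global"].add(t[1].strip("()"))
        elif t[0] == "same-security-traffic":
            cfg["same_sec"] = "inter-interface" in t
    return cfg

def _covers(entries, src_net, dst_net):
    """True if a 'permit ip' entry admits the whole src_net -> dst_net pair."""
    return any(act == "permit" and proto == "ip"
               and any(src_net.subnet_of(s) for s in src)
               and any(dst_net.subnet_of(d) for d in dst)
               for act, proto, src, dst in entries)

def audit_pair(cfg, a, b):
    """Findings for flows initiated on interface a toward interface b."""
    A, B, out = cfg["if"][a], cfg["if"][b], []
    if A["level"] == B["level"] and not cfg["same_sec"]:
        out.append(f"{a}/{b} share security-level {A['level']} without "
                   "'same-security-traffic permit inter-interface'")
    # Dynamic 'nat (a) N' with no 'global (b) N' drops the flow unless nat 0 exempts it.
    if a in cfg["nat"] and b not in cfg["global"]:
        if not _covers(cfg["acl"].get(cfg["nat0"].get(a), []), A["net"], B["net"]):
            out.append(f"no nat 0 exemption on {a} covering {A['net']} -> {B['net']}")
    # With an inbound ACL bound on a, only what it permits gets through.
    acl = cfg["group"].get(a)
    if acl and not _covers(cfg["acl"].get(acl, []), A["net"], B["net"]):
        out.append(f"{acl} on {a} has no 'permit ip' for all of {A['net']} -> {B['net']}")
    return out
```

On the sample, `audit_pair(cfg, "business", "inside")` comes back empty, while `audit_pair(cfg, "inside", "business")` reports that `inside_access_in` has no blanket `permit ip` from 192.168.1.0/24 to 172.16.1.0/24: in the full posted ACL only 192.168.1.21, .100 and .105 get `permit ip any`, every other server reaches the business LAN only on the listed TCP/UDP ports and ICMP echo. Deleting the `same-security-traffic` or a `nat ... 0` line from the sample produces the corresponding finding, which is the quick way to confirm each rule fires.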
