Hi, Cisco friends, the issue was solved. The problem was an unmanaged D-Link switch; I replaced it with a 3COM switch, and now the Cisco ASA works fine.
Regards.

On 3/6/08, Fields, Jesse <[EMAIL PROTECTED]> wrote:
>
> I have run into a similar problem recently on a 5505 and kicked myself
> for overlooking it. Try hard setting your port speed/duplex on the ASA
> and switch. GL
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jorge Evangelista
> Sent: Thursday, March 06, 2008 7:03 AM
> To: [email protected]
> Subject: [c-nsp] ASA help configuration
>
> Hi guys,
>
> I have configured a Cisco ASA 5505 with two LANs, one for inside
> (servers) and the other for business (users). I can ping from business
> to inside hosts and vice versa. I can authenticate in the MS domain only
> when I connect a PC to the ports of the ASA with access vlan 3; however,
> when I connect a switch via crossover cable to the business interface of
> the ASA, and PCs connected to this switch, I can ping my servers, but I
> start to lose packets, and I also cannot connect to the domain controller.
> Is there some mismatch or error in my configuration? Thanks in advance,
> any help is appreciated.
>
> Here is my configuration:
>
> INFFRW01# sh run
> : Saved
> :
> ASA Version 8.0(3)
> !
> hostname INFFRW01
> domain-name infonet
> enable password TKDiZkUkxqC/29zO encrypted
> names
> !
> interface Vlan1
>  nameif inside
>  security-level 100
>  ip address 192.168.1.1 255.255.255.0
> !
> interface Vlan2
>  nameif outside
>  security-level 0
>  pppoe client vpdn group infonet
>  ip address pppoe setroute
> !
> interface Vlan3
>  nameif business
>  security-level 100
>  ip address 172.16.1.1 255.255.255.0
> !
> interface Ethernet0/0
>  switchport access vlan 2
> !
> interface Ethernet0/1
> !
> interface Ethernet0/2
> !
> interface Ethernet0/3
>  description PCs INFONET LAN
>  switchport access vlan 3
> !
> interface Ethernet0/4
> !
> interface Ethernet0/5
> !
> interface Ethernet0/6
> !
> interface Ethernet0/7
> !
> passwd .tmIcdcvUoZGQ9bt encrypted
> boot system disk0:/asa803-k8.bin
> ftp mode passive
> clock timezone PEST -5
> dns server-group DefaultDNS
>  domain-name infonet
> same-security-traffic permit inter-interface
> object-group network LAN
>  description network servers
>  network-object 192.168.1.0 255.255.255.0
> object-group network Bussiness
>  description network PCsINFONET
>  network-object 172.16.1.0 255.255.255.0
> access-list inside_access_in extended permit ip host 192.168.1.21 any
> access-list inside_access_in extended permit ip host 192.168.1.100 any
> access-list inside_access_in extended permit ip host 192.168.1.105 any
> access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq www
> access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq https
> access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq ftp
> access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq ftp-data
> access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq smtp
> access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq pop3
> access-list inside_access_in extended permit udp 192.168.1.0 255.255.255.0 any eq domain
> access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq sqlnet
> access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq netbios-ssn
> access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq 445
> access-list inside_access_in extended permit icmp 192.168.1.0 255.255.255.0 any echo
> access-list inside_access_in extended permit icmp 192.168.1.0 255.255.255.0 any echo-reply
> access-list outside_access_in extended permit ip host 64.76.95.138 interface outside
> access-list business_access_in extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
> access-list outside_access_out extended permit ip any any
> access-list business_outbound_nat0_acl extended permit ip object-group Bussiness object-group LAN
> access-list inside_outbound_nat0_acl extended permit ip object-group LAN object-group Bussiness
> pager lines 24
> logging enable
> logging timestamp
> logging monitor notifications
> logging buffered informational
> logging asdm informational
> mtu inside 1500
> mtu outside 1500
> mtu business 1500
> ip verify reverse-path interface outside
> ip audit name idsattack attack action alarm reset
> ip audit name idsinfo info action alarm
> ip audit interface outside idsinfo
> ip audit interface outside idsattack
> no failover
> icmp unreachable rate-limit 1 burst-size 1
> icmp permit any inside
> icmp permit any echo inside
> icmp permit any echo-reply inside
> icmp permit host 64.76.95.138 echo outside
> icmp permit any echo-reply outside
> asdm image disk0:/asdm-603.bin
> no asdm history enable
> arp timeout 14400
> global (outside) 1 interface
> nat (inside) 0 access-list inside_outbound_nat0_acl
> nat (inside) 1 0.0.0.0 0.0.0.0
> nat (business) 0 access-list business_outbound_nat0_acl
> nat (business) 1 0.0.0.0 0.0.0.0
> access-group inside_access_in in interface inside
> access-group business_access_in in interface business
> route outside 0.0.0.0 0.0.0.0 192.168.20.1 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
> timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
> timeout uauth 0:05:00 absolute
> dynamic-access-policy-record DfltAccessPolicy
> aaa local authentication attempts max-fail 10
> http server enable
> http 192.168.1.0 255.255.255.0 inside
> no snmp-server location
> no snmp-server contact
> snmp-server enable traps snmp authentication linkup linkdown coldstart
> telnet 192.168.1.0 255.255.255.0 inside
> telnet timeout 5
> ssh 192.168.1.0 255.255.255.0 inside
> ssh timeout 5
> console timeout 5
> vpdn group infonet request dialout pppoe
> vpdn group infonet localname [EMAIL PROTECTED]
> vpdn group infonet ppp authentication chap
> vpdn username [EMAIL PROTECTED] password *********
> dhcpd auto_config outside
> !
> dhcpd address 192.168.1.2-192.168.1.254 inside
> dhcpd enable inside
> !
>
> threat-detection basic-threat
> threat-detection statistics access-list
> !
> class-map type inspect im match-all InstantMSN
>  match protocol msn-im yahoo-im
> !
> !
> policy-map type inspect im IMBlock
>  parameters
>  class InstantMSN
>   drop-connection log
> !
> prompt hostname context
> Cryptochecksum:cd27619b7d15523a934badb87c74c6f5
> : end
> INFFRW01# conf t
> INFFRW01(config)# exit
> INFFRW01#
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

--
"The network is the computer"
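
Added example, not part of the original thread and not Cisco tooling: a small Python check for the advice quoted above about hard-setting speed/duplex, which lists the physical ports in a "show run" style configuration that have no hard-set speed or duplex. The function names are hypothetical, SAMPLE is an excerpt of the configuration posted in the thread, and ports without a "switchport access vlan" line are assumed to be in VLAN 1.

```python
import re

# Excerpt of the configuration posted in the thread (quote prefixes kept to
# show they are tolerated); trimmed to the stanzas relevant here.
SAMPLE = """\
> interface Vlan3
>  nameif business
> !
> interface Ethernet0/0
>  switchport access vlan 2
> !
> interface Ethernet0/1
> !
> interface Ethernet0/3
>  description PCs INFONET LAN
>  switchport access vlan 3
> !
"""

def parse_interfaces(config):
    """Map each 'interface <name>' stanza to its list of sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = re.sub(r"^[>\s]+", "", raw).rstrip()  # drop quoting/indent
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None  # ASA ends each stanza with '!'
        elif current is not None:
            current.append(line)
    return stanzas

def ports_left_on_auto(config):
    """List (port, access VLAN, missing settings) for physical ports that
    are not shut down and lack a hard-set speed and/or duplex."""
    report = []
    for name, cmds in parse_interfaces(config).items():
        if not name.startswith("Ethernet") or "shutdown" in cmds:
            continue  # Vlan interfaces carry no speed/duplex setting
        missing = [k for k in ("speed", "duplex")
                   if not any(re.match(rf"{k} (?!auto)\S+", c) for c in cmds)]
        # Assumption: a port with no 'switchport access vlan' is in VLAN 1.
        vlan = next((int(c.split()[-1]) for c in cmds
                     if c.startswith("switchport access vlan ")), 1)
        if missing:
            report.append((name, vlan, missing))
    return report

if __name__ == "__main__":
    for port, vlan, missing in ports_left_on_auto(SAMPLE):
        print(f"{port} (vlan {vlan}): not hard-set: {', '.join(missing)}")
```

Hard-setting only helps when both ends can be set: an unmanaged switch can only autonegotiate, and a port autonegotiating against a forced full-duplex peer falls back to half duplex, which is itself a duplex mismatch.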
