Jmdg
May 22, 2001

THIS IS ARE COUNTRY!!!
I am having a problem with my ASA: I can ping outside addresses from the router console, but I can't ping them from a computer on the network. I am wondering if I am missing something in the NAT config. I am a Cisco newb. Here is my config.

code:
: Saved
:
ASA Version 8.2(1)
!
hostname txdhqasa1
domain-name default.domain
enable password AJixWqN.VncIrez. encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 10.0.106.5 255.255.252.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 10.118.0.19 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
 domain-name default.domain
access-list outside_access_in extended permit tcp interface outside host 10.0.106.32 eq lotusnotes
access-list outside_access_in extended permit tcp interface outside host 10.0.106.171 eq lotusnotes
access-list outside_access_in extended permit tcp interface outside host 10.0.106.172 eq lotusnotes
access-list outside_access_in extended permit tcp interface outside host 10.0.106.29 eq lotusnotes
pager lines 24
logging enable
logging timestamp
logging console errors
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
static (outside,inside) 10.0.106.171 10.118.0.17 netmask 255.255.255.255
static (outside,inside) 10.0.106.172 10.118.0.16 netmask 255.255.255.255
static (outside,inside) 10.0.106.29 10.118.0.15 netmask 255.255.255.255
static (outside,inside) 10.0.106.32 10.118.0.18 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.118.0.1 1
route inside 10.0.108.0 255.255.255.0 10.0.106.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.0.104.0 255.255.252.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 10.0.104.0 255.255.252.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password 4T9MPhrGi0NNEnip encrypted
!
!
prompt hostname context
Cryptochecksum:eeb2bfe4db090ea2911aee96e1fa69bd
: end


Jmdg
May 22, 2001

THIS IS ARE COUNTRY!!!

Bardlebee posted:

Is there a command to activate VTP beyond vtp mode [server|client|transparent]? EDIT: I guess there is no 'disable' of VTP so VTP is always on, so it stands to reason there is no command to activate it. Very peculiar.

I have everything right on all switches but the updates aren't pushing out. My server switch is on revision 1 and the others are revision 0. I have all of them with the same domain name, there is no password, and they are all on version 2.

Do I need to apply an ip address to the switches?

Hey man, me and you seem to be about on the same track. I am studying to take my ICND2 test and, funny enough, have been working on VTP today as well.

You can debug VTP using the following: "debug sw-vlan vtp events" & "debug sw-vlan vtp events packets".

Jmdg
May 22, 2001

THIS IS ARE COUNTRY!!!
It has been my experience that the HP Teaming doesn't work well across multiple switches. It's worth a shot to see.

I have a similar setup as you and most of my servers have a backup. I put one server on one switch, and one on the other.

Speaking of HP Network Teaming, has anybody set it up with EtherChannel?
