Internal subnets can ping each other, but can’t browse.


    I just installed a new ASA 5505 for an office with three internal subnets. The three networks can each get online fine and ping each other, but cannot browse to shares on the two internal networks other than their own. How do I configure the ASA to allow all traffic between these three inside networks?
    Here is the running config:
    show run
    : Saved
    ASA Version 8.4(1)
    hostname ASA
    domain-name NETWORK.LOCAL
    enable password 9FKvgw.UCVrfUD5M encrypted
    passwd 9FKvvDw.UCVrUdDM encrypted
    interface Vlan1
    nameif inside
    security-level 100
    ip address
    interface Vlan2
    nameif outside
    security-level 0
    ip address
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    clock timezone MST -7
    clock summer-time MDT recurring
    dns server-group DefaultDNS
    domain-name NETWORK.LOCAL
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network obj_any
    object network Net1
    object network Net2
    object network Net3
    object network FD
    access-list global_access extended permit ip object Net1 any
    access-list global_access extended permit ip object Net2 any
    access-list global_access extended permit ip object Net3 any
    access-list global_access extended permit icmp interface inside any
    access-list outside_access_in extended permit gre any any
    access-list outside_access_in extended permit icmp any any echo-reply
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-641.bin
    no asdm history enable
    arp timeout 14400
    object network obj_any
    nat (inside,outside) dynamic interface
    access-group outside_access_in in interface outside
    access-group global_access global
    route outside 1
    route inside 1
    route inside 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http inside
    http inside
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet inside
    telnet outside
    telnet timeout 30
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    dhcpd address inside
    dhcpd dns interface inside
    dhcpd wins interface inside
    dhcpd domain NETWORK.LOCAL interface inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    username admin password qiyTRCDITAjP3aZE encrypted privilege 15
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     message-length maximum client auto
     message-length maximum 512
    policy-map global_policy
    class inspection_default
     inspect dns preset_dns_map
     inspect ftp
     inspect h323 h225
     inspect h323 ras
     inspect rsh
     inspect rtsp
     inspect esmtp
     inspect sqlnet
     inspect skinny
     inspect sunrpc
     inspect xdmcp
     inspect sip
     inspect netbios
     inspect tftp
     inspect ip-options
    service-policy global_policy global
    prompt hostname context
    profile CiscoTAC-1
     no active
     destination address http
     destination address email
     destination transport-method http
     subscribe-to-alert-group diagnostic
     subscribe-to-alert-group environment
     subscribe-to-alert-group inventory periodic monthly
     subscribe-to-alert-group configuration periodic monthly
     subscribe-to-alert-group telemetry periodic daily
    : end
