Internal subnets can ping each other, but can’t browse.

    themattman
    Member
    #154733

    I just installed a new ASA 5505 for an office with three internal subnets. The three networks can each get online fine and ping each other, but cannot browse to shares on the two internal networks other than their own. How do I configure the ASA to allow all traffic between these three inside networks?
    192.168.152.0
    192.168.152.0
    192.168.154.0
    Here is the running config:
    show run
    : Saved
    :
    ASA Version 8.4(1)
    !
    hostname ASA
    domain-name NETWORK.LOCAL
    enable password 9FKvgw.UCVrfUD5M encrypted
    passwd 9FKvvDw.UCVrUdDM encrypted
    names
    !
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.152.1 255.255.255.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    ip address 1.2.3.4 255.255.255.248
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    ftp mode passive
    clock timezone MST -7
    clock summer-time MDT recurring
    dns server-group DefaultDNS
    domain-name NETWORK.LOCAL
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network Net1
    subnet 192.168.152.0 255.255.255.0
    object network Net2
    subnet 192.168.153.0 255.255.255.0
    object network Net3
    subnet 192.168.154.0 255.255.255.0
    object network FD
    host 192.168.152.2
    access-list global_access extended permit ip object Net1 any
    access-list global_access extended permit ip object Net2 any
    access-list global_access extended permit ip object Net3 any
    access-list global_access extended permit icmp interface inside any
    access-list outside_access_in extended permit gre any any
    access-list outside_access_in extended permit icmp any any echo-reply
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-641.bin
    no asdm history enable
    arp timeout 14400
    !
    object network obj_any
    nat (inside,outside) dynamic interface
    access-group outside_access_in in interface outside
    access-group global_access global
    route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
    route inside 192.168.153.0 255.255.255.0 192.168.152.2 1
    route inside 192.168.154.0 255.255.255.0 192.168.152.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.152.0 255.255.255.0 inside
    http 192.168.0.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet 0.0.0.0 0.0.0.0 inside
    telnet 0.0.0.0 0.0.0.0 outside
    telnet timeout 30
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    !
    dhcpd address 192.168.152.40-192.168.152.80 inside
    dhcpd dns 192.168.0.21 interface inside
    dhcpd wins 192.168.152.10 interface inside
    dhcpd domain NETWORK.LOCAL interface inside
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username admin password qiyTRCDITAjP3aZE encrypted privilege 15
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
    !
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http
      destination address email
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:dd70e1358ea2eec7f73ee334j16492bb3
    : end
