How to allow a subnet for a number of hosts to surf internet and ping from inside and outside in ASA in GNS3?

Similar Messages

• How to allow ping from inside to outside in 2900 router?

  Hi,
  I have a Cisco router 2900 with firewall, i need to know how can i allow the ping from self zone to outside zone, i trried to create policy from self to outside but i still didn't allow ping or tracert, i get that message when i try to ping from cisco router:
  "Unrecognized host or address, or protocol not running"
  any help will be appreciated.
  Thank you

  Hi jcarvaja
  here is the used configuration:
  Building configuration...
  Current configuration : 5584 bytes
  ! Last configuration change at 09:00:20 UTC Tue Apr 9 2013 by admin
  version 15.1
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  no service password-encryption
  service udp-small-servers
  service tcp-small-servers
  service sequence-numbers
  hostname Router
  boot-start-marker
  boot-end-marker
  security authentication failure rate 3 log
  security passwords min-length 6
  no logging buffered
  no logging console
  enable secret 5
  no aaa new-model
  no ipv6 cef
  ip source-route
  ip gratuitous-arps
  ip icmp rate-limit unreachable 1
  ip cef
  ip name-server 163.121.128.134
  ip name-server 163.121.128.135
  ip port-map user-custom-fleet port tcp 2000 list 1
  multilink bundle-name authenticated
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-324261422
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-324261422
  revocation-check none
  crypto pki certificate chain TP-self-signed-324261422
  certificate self-signed 01
    30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 33323432 36313432 32301E17 0D313330 34303930 38343034
    375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3332 34323631
    34323230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
    B8ABD60F 8C879B3B BC1C1643 48059AD2 F940A700 6D58161E 37D53E6E E028B806
    61EAA942 CED2A3C6 3FB3A47E 20E05B10 0941A9D8 38FFA6F9 D2B9E52C 225A57BA
    14F8842A A26E7E02 38E9F7C8 328504D0 5C3EEE41 CC75B237 BBD07CBA 1A850540
    2A5AAFAD 4553FB03 0E366211 9AC09967 4DC03082 0AF546A3 F6AA2739 1D8A8AA9
    02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
    23041830 16801428 FEEB3910 B7A1D374 1F86BCD5 96CEDF75 8DF11E30 1D060355
    1D0E0416 041428FE EB3910B7 A1D3741F 86BCD596 CEDF758D F11E300D 06092A86
    4886F70D 01010405 00038181 006BBF7A 430905F6 D5B27B0D 96315504 87816DAA
    B5EA86D9 6E9A1D58 7B328C88 A6A358D0 00D035A9 8CDDEC41 15AF0108 F5CB1072
    B0485D7D CFC0D0CB 71E9B153 FB7B8B40 40C157E4 B254D01C 890D615F D8395545
    F0B47E0B 57341EB2 C0CE0039 DC18EAD6 078986F0 A5A5D04F D5041DB6 23CAA002
    4901248C 95B61A0B 3ED5B26A EF
        quit
  license udi pid CISCO2901/K9 sn FCZ1526C3JL
  object-group service Outside-Reply
  icmp echo-reply
  username admin privilege 15 secret 5
  redundancy
  ip finger
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  class-map type inspect match-any Deny_ALL
  match access-group name dwdwd
  class-map type inspect match-any Inside-Outside
  match protocol http
  match protocol https
  match protocol dns
  class-map type inspect match-any ICMP_RQST
  match protocol icmp
  policy-map type inspect Inside-Outside
  class type inspect Inside-Outside
    inspect
  class class-default
    drop
  policy-map type inspect Self_to_Outside
  class type inspect ICMP_RQST
    inspect
  class class-default
    drop
  policy-map type inspect Outside_to_Self
  class type inspect Deny_ALL
    pass log
  class class-default
    drop
  zone security IN
  zone security OUT
  zone-pair security Self_to_Outside source self destination OUT
  service-policy type inspect Self_to_Outside
  zone-pair security Outside_to_Self source OUT destination self
  service-policy type inspect Outside_to_Self
  zone-pair security Inside-Outside source IN destination OUT
  service-policy type inspect Inside-Outside
  interface GigabitEthernet0/0
  ip address 101.101.100.245 255.255.255.0
  ip mask-reply
  ip directed-broadcast
  ip flow ingress
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  description $FW_INSIDE$
  ip address 49.31.152.80 255.255.255.248
  ip mask-reply
  ip directed-broadcast
  ip flow ingress
  zone-member security IN
  duplex auto
  speed auto
  interface Serial0/0/0
  no ip address
  ip mask-reply
  ip directed-broadcast
  ip flow ingress
  encapsulation frame-relay IETF
  no fair-queue
  frame-relay lmi-type q933a
  interface Serial0/0/0.16 point-to-point
  description $FW_OUTSIDE$
  ip address 172.17.18.122 255.255.255.252
  ip mask-reply
  ip directed-broadcast
  ip flow ingress
  ip verify unicast reverse-path
  zone-member security OUT
  frame-relay interface-dlci 16  
  interface Serial0/0/1
  no ip address
  ip mask-reply
  ip directed-broadcast
  ip flow ingress
  shutdown
  clock rate 2000000
  ip forward-protocol nd
  ip http server
  ip http access-class 2
  ip http authentication local
  ip http secure-server
  ip route 0.0.0.0 0.0.0.0 Serial0/0/0.16
  ip identd
  ip access-list extended ICMP
  remark CCP_ACL Category=128
  permit ip any any
  ip access-list extended deeef
  remark CCP_ACL Category=128
  permit ip any any
  ip access-list extended dwdwd
  remark CCP_ACL Category=1
  permit object-group Outside-Reply any any
  access-list 1 remark CCP_ACL Category=1
  access-list 1 permit 196.219.234.77
  access-list 2 remark Auto generated by SDM Management Access feature
  access-list 2 remark CCP_ACL Category=1
  access-list 2 permit 101.101.100.0 0.0.0.255
  access-list 2 permit 10.20.10.0 0.0.1.255
  no cdp run
  control-plane
  line con 0
  login local
  transport output telnet
  line aux 0
  login local
  transport output telnet
  line vty 0 4
  login local
  transport input all
  line vty 5 15
  login local
  transport input all
  scheduler allocate 20000 1000
  end

• How to change Org Unit for larg number of emplyees

  Dear Guru's,
  My client has uploaded wrong Org Units while hiring, now that has to be changed for larg number of employees.
  Can any one suggest me how can we do this for larg number of employees?
  Thanks in advance for your kind suggestions.
  Regards,
  Srinivas

  Hello Srinivas;
  By saying uploaded wrong organizational units, do you mean that organizational structure in PPOME is wrong or employee - position assignment is wrong?
  If employee - position assignment is wrong then I suggest you to use batch input program or use LSMW as you have to change it via personnel action - PA40
  If organizational structure is wrong, then do you have correct organizational structure in another system like test or qa?
  If you have correct organizational structure then you can directly transport it from one system to other but if you don't then you first need to correct the organizational structure and then run LSMW or batch input.
  Regards;
  Okan

• How to allow some fixed extension go in from outside to inside but not allow go from inside to outside

  how to allow some fixed extension go in from outside to inside but not allow go from inside to outside
  for example, allow JPEG, MOV, AVI data flow from outside to inside
  but not allow JPEG, MOV, AVI files access or upload or get by outside, in another words not from inside to outside
  how to configure?

  Hi,
  The ZBF link sent earlier show how we can inspect URI in http request
  parameter-map type regex uri_regex_cm
     pattern “.*cmd.exe”
  class-map type inspect http uri_check_cm
     match request uri regex uri_regex_cm
  ZBf is the feature on Cisco routers and ASA though concepts are little same but works differently. However it is important that you can be more granular with the protocol (layer 7) inspection only. Like on ASA if you will try to restrict .exe file from a p2p application that won't be possible, But on router you have some application for p2p in NBAR and you can use it file filtering. Please check configuartion example for both devices.
  Thanks

• How can I remove all my preferences and settings from mail and do a clean install of mail app?

  How can I remove all my preferences and settings from mail and do a clean install of mail app?

  Open mail > Preferences > Accounts
  Select the account and click the minus button at the bottom of the column.
  Quit mail
  ~/Library/Preferences/com.apple.mail.plist move this file to the trash and empty it.
  ~/Library/Mail/ and move all of the items in that folder to the trash and then empty it.

• I got tis ipad 4 wifi and cellular from ireland and i wish to go on my holidays to india with it and use a micro sim from a local carrier for network courage so i want to know the steps u take to activate the micro sim in the ipad .

  i got tis ipad 4 wifi and cellular from ireland and i wish to go on my holidays to india with it and use a micro sim from a local carrier for network courage as i dont have wifi in the place tat i am staying so i want to know the steps involed to activate the micro sim in my ipad.

  What roaming charges? If you have a local plan there are no roaming charges. This is a major reason for using a local plan.
  Contact, or visit the website,  whatever local provider you are considering and get their plan details.

• I purchase iPhone 3GS and 4 and 4s from eBay and Amazone sometime from best buy all  of that is ok but now befor 3 or 5 week I purchase one white iPhone 4s is locked and I can't active it i don't know why serial number c39****td0 Imei. 012936000039082

  I purchase iPhone 3GS and 4 and 4s from eBay and Amazone sometime from best buy all  of that is ok but now befor 3 or 5 week I purchase one white iPhone 4s is locked and I can't active it i don't know why serial number c39*****dtd0
  <Personal Information Edited by Host>

  Only the Apple Store sells unlocked iphones in the U.S

• I bought some ringtones and alerts from itunes and it won't let me use them for text alerts or voicemail.

  I bought some ringtones and alerts from itunes and it won't let me use them for text alerts or voicemail. Am I doing something wrong? Other ringtones I have downloaded work.

  What does won't let you use them mean exactly?

• Which Mac is best for music purposes?  I want to mix music recorded from MIDI and live sound, and also want to use Sibelius to play music in.  I'm looking at MacBook Pros; any tips?  13" or 15"?

  Which Mac is best for music purposes?  I want to mix music recorded from MIDI and live sound, and also want to use Sibelius to play music in.  I'm looking at MacBook Pros; any tips?  13" or 15"?

  I would think a 15" with the i7 CPU. You can get a 13" with the i7 CPU but the 15" has a dedicated graphic chip along with the intergrated one.
  You will also need to upgrade the hard drive to a faster 7200RPM model instead of the standard 5400RPM model that comes with all MBPs. The Sibelius website recommends the 7200RPM or a SSD. You will also be better off installing 8GBs of RAM.
  Both of those upgrades can be made after you buy a MBP for much less then Apple charges for the same upgrades and you get to keep the original RAM and hard drive.

• How to allow the location for faces and places with iOS 4 on an iPhone 3GS?

  I installed ios4 on my iphone 3gs, it went well, then the first time i open the camera app it asked me to allow tha application to know the location, firs i said no... now that i really know what this feature does, i would like to allow it, any idea how to allow it again? if i open the camera application again it doesn't ask for it again
  thanks

  Thanks "justinphilly", following is the solution:
  Settings > General > Location Services > Scroll down to camera, and click yes.

• How to change the space for check number using OT45?

  How to use OT45 to change the check no.of FF68 Check Deposit? I want to change the variant so that I can increase the space for check number as have come up with a special case can someone please help me out how can I do it via OT45?
  Thanks in advance...
  Regards
  Nitin

  Hi Amit,
  Yes, I agree that we can create a new variant and can assign it after activating it. But, what I want is that I have created a new variant and check space in FF68 is 3 digits and how can I make changes in OT45's new variant so that cheque space gets changed to 10digit or more.
  Please Help.
  Thanks in advance...
  Regards
  Nitin

• How to allow suspense olny for a specific source and category

  Hi all
  I am using GL, AP, FA and CM. I have another system that i import a journal once a month. I want the users to be able to post this journal, even it is not balanced. I can do that by allowing suspense posting.
  My question is: Can i allow suspense posting only for journals that has specific source and category, and not allow suspense posting for all other journals created in GL??
  Thank you and best regards
  E.

  There does not appear to be a way to derive the internal id of a table that is not part of the interface. Instead of concentrating on getting the internal id, why do not you define flex fields for the fact table and specify internal ids of the relevant dimensions in it.

• Need to know how to allow mail to be sent to my Hosted Sharepoint 2013 site's documents folder/ Using CRD 7 reporting

  I have gotten as far as adding a new app, naming the folder and going into CRD, for the report we need online and attempted to enter the settings information for our sharepoint site. The issue is no matter how I enter the credentials it will not authorize
  and finish the connection. We have tried a couple of different things when it comes to the user name and domain line. we tried: 
  corporate\username; 
  corporate-traffic.com\username; 
  [email protected]..
   we are trying to figure out the correct way to enter this information, mainly what the domain name should be since Sharepoint 2013 is all cloud based.
  My issue is when I get to entering credentials none of my admins credentials work... I think it may be the domain name that is throwing it off. I keep getting the error: server was unable to process request ---> Access is denied. (Exception
  From HRESULT: 0x80070005 ((E_ACCESSDENIED))
  So can anyone point me in the right direction to fix this error and enable the report to email to my sharepoint site documents folder? 
  Just to clarify...
  I need the correct domain info per office 365's Sharepoint to enter the info into our report options on CRD seven report. And how we can enable SMTP to our documents folder on our SharePoint site.

  I asked Christian Steven's Support staff about this and they came out with a fix to allow us to do exactly what I asked in the first post.
  We then had an issue with an error saying Crystal Reports couldn't find the rasauditingw.dll. After a few months of going back and forth they finally looked deeper into the issue and informed me other businesses are having the same issue with the add in
  they designed. They still claim it is not there software but Crystal Reports software that is the issue.
  Just to clarify, the error only appeared after the add in was put in place. Anyways, after they dug some more the following post was the end game.
  "The development team was finally able to get into this issue (seems other businesses are seeing this same issue now). It was in fact an issue with SAP Business Objects and where it was looking for the rasauditingw.dll.
  ****WARNING THIS IS DONE AT YOUR OWN RISK!!****
  I AM NOT RESPONSIBLE FOR DAMAGES TO YOUR PROGRAMS OR SYSTEM THIS FIX MAY CAUSE
  BACKUP YOUR SERVER OR TAKE A SNAP SHOT (VM) BEFORE ATTEMPTING ANY OF THE FOLLOWING
  We copied the rasauditngw.dll file into the system32 folder and the sysWOW64 folder and then renamed the original rasauditingw.dll to rasauditingw.dll.bak (Original file in this directory: C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise
  XI 4.0\win32_x86).
  So far so good. We have not seen any errors in the last couple of days since the fix. I hope this helps others who run into this mystery problem. Christen Steven was gracious enough to dig into this problem and quell my frustrations and issues with the 
  "crd.exe - Entry Point Not Found" error" "
  We haven't seen any issue with our CRD server since we moved the copies of that .dll file over into our sys32 folder and sysWOW64 folder on the CRD server (our server where the Christian Steven software resides).

• How to mark PCI devices for pass through in host using Powercli?

  PCi devices in host can be retrieved using Get-VMHost command . How do i mark the device for pass through in host?
  Please help on how this can be done. Thanks in advance.

  Hi,
  I don't think supressing through Global Personalization will change the business logic. Within the Business Logic it checks for the mandatory field.
  After the changes I guess you need to make the changes accordingly.
  The below link might be of some help.
  http://wiki.sdn.sap.com/wiki/pages/viewpage.action?spaceKey=profile&title=ESSPersonalInformationUIenhancementwithoutmodification&decorator=printable
  Please correct if I am wrong.
  Cheers-
  Pramod

• HT201318 How long does it take for the storage to be upgraded? I bought it this morning and it still hasn't gone on?

  How long does it take for the storage to be upgraded? I bought some 12 hours ago and it still hasn't gone on my iPhone 4

  Hi Katie,
  Where are you looking on your phone to determine how much storage you now have? Are you looking under Settings>iCloud>Storage & Backup?
  If so, and it still doesn't show the correct storage, try resetting your phone. Hold down the Home and Power buttons and continue to hold them down until the Silver Apple appears. Then check your storage again.
  Post back with questions!
  Cheers,
  GB