Thursday, October 15, 2020

Cisco ASA 5516-X won't communicate on inside interface at all. No packets. Bug/bad interface?

Hello All,

I'm configuring a brand new ASA and the Firewall refuses to communicate on my inside interface.

No matter the traffic type, it's denied by the implicit deny every time. I was hoping to get some feedback/advice on how to resolve this.

Below is the setup/config:

Router | 10.0.4.253 vlan 300| -------- ASA | 10.0.4.254 vlan 300|

ASA interface config and ACL:

interface GigabitEthernet1/2
 no nameif
 security-level 100
 no ip address
interface GigabitEthernet1/2.2
 vlan 300
 nameif inside
 security-level 100
 ip address 10.0.4.254 255.255.255.252
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit icmp any any
access-list inside_access_out extended permit ip any any
access-list inside_access_out extended permit icmp any any
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside

# packet-tracer input inside icmp 10.0.4.254 8 0 10.0.4.253 detailed

Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 10.0.4.253 using egress ifc inside

Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f1a5004b610, priority=501, domain=permit, deny=true
hits=5, user_data=0x7, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=10.0.4.254, mask=255.255.255.255, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=inside, output_ifc=any

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

I'm not sure why this is immediately dropping? I have a tcpdump listener in between, and the interface sends 0 packets, no ARP, nothing.

When my router tries the ping I see the ARP request on the listener with no replies:

10:16:17.018288 ARP, Request who-has 10.0.4.254 tell 10.0.4.253, length 46 
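As an added example (not part of the post above): a small Python triage helper that parses packet-tracer output, reports the first DROP phase with its matched rule and drop reason, and checks whether the rule's source address is one of the ASA's own interface addresses, which is what the Implicit Rule in the output above matches with a /32 on 10.0.4.254. The abridged SAMPLE text and the INTERFACE_IPS mapping are constructed from the post; the function names are my own.

```python
import re

# Constructed sample: abridged from the packet-tracer output quoted in the post.
SAMPLE = """Phase: 1
Type: ROUTE-LOOKUP
Result: ALLOW
Phase: 2
Type: ACCESS-LIST
Result: DROP
Config:
Implicit Rule
Additional Information:
in id=0x7f1a5004b610, priority=501, domain=permit, deny=true
src ip/id=10.0.4.254, mask=255.255.255.255, port=0, tag=any
input_ifc=inside, output_ifc=any
Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

# nameif -> ip address, taken from the interface config in the post (hypothetical helper input).
INTERFACE_IPS = {"inside": "10.0.4.254"}

# One phase: the two header lines, then everything up to the next "Phase:" line or end of text.
PHASE_RE = re.compile(r"^Phase: (\d+)\nType: (\S+)\n(.*?)(?=^Phase: |\Z)", re.S | re.M)

def parse_phases(text):
    """Return one dict per packet-tracer phase: number, type, result, config line, rule source IP."""
    phases = []
    for num, ptype, body in PHASE_RE.findall(text):
        result = re.search(r"^Result: (ALLOW|DROP)$", body, re.M)
        config = re.search(r"^Config:\n(.+)$", body, re.M)
        src = re.search(r"src ip/id=([\d.]+)", body)
        cfg = config.group(1) if config else None
        phases.append({"number": int(num), "type": ptype,
                       "result": result.group(1) if result else None,
                       # An empty Config: section is followed directly by "Additional Information:".
                       "config": None if cfg == "Additional Information:" else cfg,
                       "src_ip": src.group(1) if src else None})
    return phases

def triage(text, interface_ips):
    """Report the first DROP phase and whether its matched rule source is an ASA interface address."""
    reason = re.search(r"^Drop-reason: (.+)$", text, re.M)
    for p in parse_phases(text):
        if p["result"] == "DROP":
            return {"phase": p["number"], "type": p["type"], "config": p["config"],
                    "reason": reason.group(1) if reason else None,
                    "source_is_asa_interface": p["src_ip"] in interface_ips.values()}
    return None
```

A True `source_is_asa_interface` means the trace was sourced from the firewall's own address rather than from the router at 10.0.4.253, so it does not model the inbound ping shown in the ARP capture.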

