Internet access problem

Discussion in 'other firewalls' started by Givenchy, Dec 15, 2011.

Thread Status:
Not open for further replies.
  1. Givenchy

    Givenchy Registered Member

    Joined:
    Nov 26, 2011
    Posts:
    2
    Location:
    Nigeria
    Internet access problem
    Good day everyone, i need ur maximum input to my confusion on my company network.
    The genesis of the problem
    1. We have a campus network comprises of 2 core switches 1&2. 1 is use for LAN traffic while 2 is use for Wireless traffic.

    2. we have 4 distribution switches installed on four zones, zone_A, zone_B, zone_C and zone_D, trunk to the two core layer switches.

    3. zone_A has 19 vlans
    zone_B has 12 vlans
    zone_C has 12 vlans
    zone_D has 8 vlans

    4. The 4 distribution switches are trunk to their various access layer switches.

    5. We have 3 edge devices which are Cisco 2821 router, Cisco ASA 5505 and Cisco gigabit inter-connectivity switch which connect the core_1, core_2, Cisco 2821 router, and Cisco ASA 5505 together.

    6. All the users on the LAN could browse the internet when only the edge router was connected to the inter-connectivity switch.

    7. When the ASA was connected to the router and then to the inter-connectivity switch, It was observe that:
    A. Only the user on zone_A can browse the internet.
    B. The users on zone_B, zone_C and zone_D can not browse the internet. However, their computer show they are connected to the internet but when they try to browse the internet, they get page can not be display.

    I am confuse of a truth, what do you think i should do next?

    Code:
    ASA CONFIGURATION

WRPC-DOVE# wr term
: Saved
:
ASA Version 8.0(4)
!
hostname DOVE
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
description INSIDE NETWORK
nameif INSIDE
security-level 100
ip address 10.32.3.3 255.255.255.224
ospf cost 10
!
interface GigabitEthernet0/1
description CONNECTION TO EDGE ROUTER
nameif OUTSIDE
security-level 0
ip address 10.32.3.41 255.255.255.248
ospf cost 10
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ospf cost 10
management-only
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
pager lines 24
logging asdm informational
mtu INSIDE 1500
mtu OUTSIDE 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
nat (INSIDE) 1 0.0.0.0 0.0.0.0 tcp 0 25
!
router ospf 68
network 10.32.3.0 255.255.255.224 area 0
network 10.32.3.40 255.255.255.248 area 0
log-adj-changes
!
route OUTSIDE 0.0.0.0 0.0.0.0 217.14.83.242 1
route OUTSIDE 0.0.0.0 0.0.0.0 41.75.201.2 1
route INSIDE 10.32.3.0 255.255.255.0 10.32.3.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.32.0.0 255.255.0.0 INSIDE
http 192.168.1.0 255.255.255.0 management
snmp-server host INSIDE 10.32.1.6 community wrpc version 2c
snmp-server location WARRI
snmp-server contact WRPC
snmp-server community wrpc
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps remote-access session-threshold-exceeded
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 10.32.0.0 255.255.0.0 INSIDE
telnet 0.0.0.0 0.0.0.0 INSIDE
telnet 10.32.60.0 255.255.255.0 INSIDE
telnet 0.0.0.13 0.0.0.255 INSIDE
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 10
ssh 10.32.0.0 255.255.0.0 INSIDE
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username wrpc password EVEeHi9uvFl7rujL encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d6d0c4d32088f697e39ac4cedf892330
: end
    Love Givenchy.
     
    Givenchy, Dec 15, 2011
    #1
  2. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Welcome to Wilders Security Forums Givenchy

    ipconfig /?


    HKEY1952
     
    HKEY1952, Dec 17, 2011
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...