topic There are multiple things in Network Security

Cisco ASA Problem

Desmond Smith — Tue, 12 Mar 2019 05:21:32 GMT

I have configured an ASA 5520 and I configured and inside and an outside interface.

From the asa I can ping the internet (8.8.8.8) and also the internal network computers.

From my internal laptop I can ping internal computers and the inside interface of the ASA but I cant get to the internet.

Can anyone please shed some light on what may be going on? From the ASA everything looks good as I can ping inside and outside but the internal network cant get to the Internet.

Thanks,

Desmond

There are multiple things

Karsten Iwen — Sat, 17 Jan 2015 11:43:45 GMT

There are multiple things that could go wrong:

Problem with NAT
Do you have a dynamic NAT-rule for your test-traffic?
Problem with Access-control
If there is an ACL on the inside interface, does it allow the needed traffic to the internet? Just because you can ping to the ASA doesn't mean that you can ping through the ASA.
Wrong default-gateway on the PC
Wrong testing
If you only test with ping, that can fail because by default ICMP is not stateful. You have to enable the ICMP-inspection or test with real traffic like http.

The easiest way to find out is the packet-tracer:

packet-tracer input inside tcp 10.10.10.10 1234 1.2.3.4 80

replace 10.10.10.10 with an IP from your internal subnet.

You just have to enable

nofori1382 — Sun, 18 Jan 2015 01:54:46 GMT

You just have to enable dynamic NAT before the inside host can ping the outside network. Use this command.

example:

nat (inside,outside) source dynamic any interface.

Thanks for the help it was an

Desmond Smith — Sun, 18 Jan 2015 03:31:44 GMT

Thanks for the help it was a NAT issue.