ASA 5510 Not allowing internet connection

Traveler32degree — Tue, 26 Mar 2019 00:50:21 GMT

Hi all.... I experienced a power outage last night... everything powered back on but my 5510 isnt allowing internet out. I can vpn back into my network but can not internet out.

Here's my config:

ASA Version 8.2(5)

hostname ciscoasa

enable password encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

interface Ethernet0/0

speed 100

nameif outside

security-level 0

ip address dhcp setroute

interface Ethernet0/1

speed 100

nameif inside

security-level 100

ip address 10.10.1.1 255.255.255.0

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

interface Management0/0

shutdown

no nameif

no security-level

no ip address

boot system disk0:/asa825-k8.bin

ftp mode passive

access-list inside_nat0_outbound extended permit ip any 10.10.2.0 255.255.255.0

access-list inside_access_in extended permit udp any any

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

ip local pool vpn_pool1 10.10.2.1-10.10.2.254 mask 255.255.255.0

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-711-52.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 10.10.1.0 255.255.255.0

access-group inside_access_in in interface inside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication enable console LOCAL

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

http server enable

http 10.10.1.0 255.255.255.0 inside

http 96.35.145.82 255.255.255.255 outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication crack

encryption aes-256

hash sha

group 2

lifetime 86400

crypto isakmp policy 20

authentication rsa-sig

encryption aes-256

hash sha

group 2

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption aes-256

hash sha

group 2

lifetime 86400

crypto isakmp policy 40

authentication crack

encryption aes-192

hash sha

group 2

lifetime 86400

crypto isakmp policy 50

authentication rsa-sig

encryption aes-192

hash sha

group 2

lifetime 86400

crypto isakmp policy 60

authentication pre-share

encryption aes-192

hash sha

group 2

lifetime 86400

crypto isakmp policy 70

authentication crack

encryption aes

hash sha

group 2

lifetime 86400

crypto isakmp policy 80

authentication rsa-sig

encryption aes

hash sha

group 2

lifetime 86400

crypto isakmp policy 90

authentication pre-share

encryption aes

hash sha

group 2

lifetime 86400

crypto isakmp policy 100

authentication crack

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 110

authentication rsa-sig

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 120

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 130

authentication crack

encryption des

hash sha

group 2

lifetime 86400

crypto isakmp policy 140

authentication rsa-sig

encryption des

hash sha

group 2

lifetime 86400

crypto isakmp policy 150

authentication pre-share

encryption des

hash sha

group 2

lifetime 86400

crypto isakmp policy 65535

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

telnet timeout 5

ssh 10.10.1.0 255.255.255.0 inside

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

webvpn

group-policy RA_Group internal

group-policy RA_Group attributes

dns-server value 10.10.1.11 8.8.8.8

vpn-tunnel-protocol IPSec

default-domain value tyelewis.local

group-policy tyelewis_VPN internal

group-policy tyelewis_VPN attributes

dns-server value 10.10.1.11 8.8.8.8

vpn-tunnel-protocol IPSec

default-domain value tyelewis.local

username password encrypted privilege 0

username attributes

vpn-group-policy RA_Group

username password encrypted privilege 15

username password /emv encrypted privilege 0

username attributes

vpn-group-policy tyelewis_VPN

tunnel-group tyelewis_VPN type remote-access

tunnel-group tyelewis_VPN general-attributes

address-pool vpn_pool1

default-group-policy tyelewis_VPN

tunnel-group tyelewis_VPN ipsec-attributes

pre-shared-key *****

prompt hostname context

no call-home reporting anonymous

call-home

profile CiscoTAC-1

no active

destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

destination address email callhome@cisco.com

destination transport-method http

subscribe-to-alert-group diagnostic

subscribe-to-alert-group environment

subscribe-to-alert-group inventory periodic monthly

subscribe-to-alert-group configuration periodic monthly

subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:1d486fb707345857618da68fdf0c0642

: end

ASA 5510 Not allowing internet connection

Jouni Forss — Wed, 13 Mar 2013 14:42:55 GMT

Hi,

For some reason you have only allowed UDP connections from your LAN.

You will need to add something like

access-list inside_access_in extended permit ip 10.10.1.0 255.255.255.0 any

- Jouni

topic ASA 5510 Not allowing internet connection in Network Security

ASA 5510 Not allowing internet connection

ASA 5510 Not allowing internet connection