Am I missing something in my config to allow internet access?
192.168.0.1 ---> my wireless router plugged into 0/1
Here is my current config:
ASA Version 9.0(2)
enable password DQucN59Njn0OjpJL encrypted
switchport access vlan 2
ip address 10.0.10.1 255.255.255.224
ip address 24.234.XXX.XXX 255.255.255.224
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 220.127.116.11 1
route inside 192.168.0.0 255.255.255.0 10.0.10.0 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.0.10.5-10.0.10.25 inside
dhcpd enable inside
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
policy-map type inspect dns preset_dns_map
message-length maximum client auto
message-length maximum 512
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
I imagine that there is a problem with the "inside" route?
route inside 192.168.0.0 255.255.255.0 10.0.10.0
If you are testing with ICMP I would also suggest dropping this from the CLI
inspect icmp error
What would the problem be with my route?
And I am tring to ping via my workstation, I know the ASA will not ping with the above command.
Well it seems to me that the gateway for that route is the network address of the network 10.0.10.0 255.255.255.224 which should not be used in the same way as the broadcast address.
Is you actual LAN routers IP address 10.0.10.0?
Yes, the LAN is a 10.0.10.0/27
My ASA gives out and IP address to my wireless router
The wireless router IP Address is 192.168.0.1/24
But your ASA is pointing out that the network 192.168.0.0/24 is found behind 10.0.10.0
And that 10.0.10.0 is a network address that should not be used. You could use for example the 10.0.10.1 for ASA and 10.0.10.2 for the wireless router interface facing ASA.
Is that truly the IP address (10.0.10.0) configured on the wireless router?
I cant see any other thing in the ASA configuration that could be a problem
Right the 192.168.0.0/24 network is behind the ASA (10.0.10.1) network.
Outside IP = 24.234.11X.XXX
ASA IP = 10.0.10.1
ASA DHCP Network = 10.0.10.0/27
D-Link Wireless Router IP = 192.168.0.1/24
D-Link Wireless Netowrk = 192.168.0.0/24
My D-Link router gets it IP from the ASA. I just don't know why I can ping the ASA or get internet access from the workstation on the 192.168.0.0/24 network.
I can not ping anything from the ASA...
I guess if you router is getting the IP address from ASA with DHCP then your router is also doing NAT for the wireless hosts?
Have you monitored the situation on the ASA while you have tried to connected through the wireless router and ASA to the Internet? Can you see any connections on the ASA from your PC behind the wireless router?