Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Firewalls Community


ASA Config Help - No Internet Access

Am I missing something in my config to allow internet access? ---> my wireless router plugged into 0/1

Here is my current config:

ASA Version 9.0(2)


hostname ciscoasa

enable password DQucN59Njn0OjpJL encrypted



interface Ethernet0/0

switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


interface Vlan1

nameif inside

security-level 100

ip address


interface Vlan2

nameif outside

security-level 0

ip address 24.234.XXX.XXX


ftp mode passive

object network obj_any


pager lines 24

logging asdm informational

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

no arp permit-nonconnected


object network obj_any

nat (inside,outside) dynamic interface

route outside 1

route inside 1

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

crypto ipsec security-association pmtu-aging infinite

crypto ca trustpool policy

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address inside

dhcpd enable inside


threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  inspect ip-options


service-policy global_policy global

prompt hostname context

no call-home reporting anonymous


: end


Re: ASA Config Help - No Internet Access


I imagine that there is a problem with the "inside" route?

route inside

If you are testing with ICMP I would also suggest dropping this from the CLI

policy-map global_policy

class inspection_default

inspect icmp

inspect icmp error

- Jouni


ASA Config Help - No Internet Access

What would the problem be with my route? 

And I am tring to ping via my workstation, I know the ASA will not ping with the above command.


ASA Config Help - No Internet Access


Well it seems to me that the gateway for that route is the network address of the network which should not be used in the same way as the broadcast address.

Is you actual LAN routers IP address

- Jouni


ASA Config Help - No Internet Access

Yes, the LAN is a

My ASA gives out and IP address to my wireless router

The wireless router IP Address is


ASA Config Help - No Internet Access


But your ASA is pointing out that the network is found behind

And that is a network address that should not be used. You could use for example the for ASA and for the wireless router interface facing ASA.

Is that truly the IP address ( configured on the wireless router?

I cant see any other thing in the ASA configuration that could be a problem

- Jouni


ASA Config Help - No Internet Access

Right the network is behind the ASA ( network.

Outside IP = 24.234.11X.XXX


ASA DHCP Network =

D-Link Wireless Router IP =

D-Link Wireless Netowrk =

My D-Link router gets it IP from the ASA.  I just don't know why I can ping the  ASA or get internet access from the workstation on the network.

I can not ping anything from the ASA...


ASA Config Help - No Internet Access


I guess if you router is getting the IP address from ASA with DHCP then your router is also doing NAT for the wireless hosts?

Have you monitored the situation on the ASA while you have tried to connected through the wireless router and ASA to the Internet? Can you see any connections on the ASA from your PC behind the wireless router?

- Jouni