Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
668
Views
0
Helpful
2
Replies

ASA Only allowing one host out

Justin Bray
Level 1
Level 1

‎01-27-2015 06:38 AM - edited ‎03-11-2019 10:24 PM

I have configured an ASA 5505 with version 9.2.1 from scratch. I have set up my internal network 10.1.1.0/24 on VLAN 1 and VLAN2 to get IP Add and route via DHCP. I also have set up pat to use the outside address so users can reach the internet. DHCP has been set up as well. 

When I connect with a PC it goes out to the internet and everything is okay. As soon as I try to get the second, third, ect devices to the internet it will not allow me.

Has anyone seen this before or is there anything I am doing wrong? 

Labels:
Preview file
5 KB
0 Helpful
2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni

‎01-27-2015 07:37 AM

Hi,

 

Can't say I see any problem with the actual configurations.

 

Have you monitored the logs from the ASA through ASDM to see what happens to the other hosts when they try to connect?

 

If you happen to have a Base License ASA5505 that should already mean that you should be able to have 10 hosts behind the ASAs "inside" interface before the ASA starts blocking connections from other hosts. Is there any possibility that devices are connect to the network with the ASA that have already taken up the limit of 10 users?

 

You could first check the actual license with

 

show version

 

You could then check how many hosts against the limit/license the device itself is seeing

 

show local-host

 

The output should be at the very start of the output. Other information is related to the hosts and their connections and translations.

 

I think I have seen some posts in the past that say that the 10 user limit is not working correctly and there has possibly been some bug. You can always try rebooting the firewall (save configuration first)

 

If for some odd reason the Dynamic PAT configurations (which is fine) does not work we can try another configuration format like below

 

nat (inside,outside) after-auto source dynamic any interface

 

In that case you could remove the original NAT configuration.

 

But I would assume with the above "show" commands and just looking at the ASDM logs you should be able to determine what the problem is.

 

- Jouni

0 Helpful

Justin Bray
Level 1
Level 1
In response to Jouni Forss

‎01-27-2015 12:34 PM

Thank you for your reply I will try this and let you know what I find out.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card