Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1995
Views
0
Helpful
6
Replies

ASA 5505 internet access

Go to solution
Stephen Sisson
Level 1
Level 1

‎11-19-2012 08:19 AM - edited ‎03-11-2019 05:24 PM

Hello everyone

We have a new ASA 5505I setup the internal interface in vlan 1, setup outside interface to vlan 2 with security set to zero 0.

we setup NAT rule to PAT dynamic and hide, confirmed I can ping the outside static IP address given by our ISP.

We have a problem going beyond the ISP router - so we can ping their interface 209.177.x.x but we can't go beyond to 8.8.8.8 Google’s address.

We also when as far to set a default route inside 0.0.0.0 0.0.0.0 209.177.x.x our ISP router interface

Can you help figure out what we missed and what's left to give internal users access to the internet.

Thank you

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
joelgooding
Level 1
Level 1
In response to Stephen Sisson

‎11-19-2012 07:19 PM

Hello,

As Cadet mentioned eariler, you have to put a route going outside the asa to the ISP as the default route. First you have to remove that inside route and then add the outside. can you enter the following from config mode:

no route inside 0.0.0.0 0.0.0.0 209.177.x.x

route outside 0.0.0.0 0.0.0.0 209.177.x.x

Let us know what is the result.

Joel

_______________________________
Please rate helpful posts and answered questions!

Joel _______________________________ Please rate helpful posts and answered questions!

View solution in original post

0 Helpful

Go to solution
joelgooding
Level 1
Level 1
In response to Stephen Sisson

‎11-20-2012 06:36 AM

Your welcome.

What you did was tell the ASA to carry the traffic ' inside ' the network for the defualt route. Remember that default routes carry all traffic that the device cannot identify specific routing patterns for. The ' no ' infront the command tells the device to disable the rule and the new route tells the device to carry all traffic 'outside' (because thats where you want to forward the traffic to) towards the ISP and to that specific IP you had.

Teaching on how ASA's work requires a course and lots of practice. I suggest you look at the configuration guides Cisco has to offer which are free. Do try to build labs using emulated software like GNS3 if you cannot buy lab equipment.

Joel

_______________________________
Please rate helpful posts and answered questions!

Joel _______________________________ Please rate helpful posts and answered questions!

View solution in original post

0 Helpful
6 Replies 6

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎11-19-2012 01:03 PM

Hi,

Can you confirm you did route outside 0.0.0.0 0.0.0.0 x.x.x.x with sh route command output

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
Stephen Sisson
Level 1
Level 1
In response to cadet alain

‎11-19-2012 04:00 PM

We see 0.0.0.0 0.0.0.0 via 209.177.x.x inside

0 Helpful

Go to solution
joelgooding
Level 1
Level 1
In response to Stephen Sisson

‎11-19-2012 07:19 PM

Hello,

As Cadet mentioned eariler, you have to put a route going outside the asa to the ISP as the default route. First you have to remove that inside route and then add the outside. can you enter the following from config mode:

no route inside 0.0.0.0 0.0.0.0 209.177.x.x

route outside 0.0.0.0 0.0.0.0 209.177.x.x

Let us know what is the result.

Joel

_______________________________
Please rate helpful posts and answered questions!

Joel _______________________________ Please rate helpful posts and answered questions!
0 Helpful

Go to solution
Stephen Sisson
Level 1
Level 1
In response to joelgooding

‎11-20-2012 04:33 AM

Good morning,

This worked - you guys are awesome, how you continue helping us figure out what we did wrong or teach us how to make things work.

I really appreciate all the help.

Happy Thanks Giving

0 Helpful

Go to solution
joelgooding
Level 1
Level 1
In response to Stephen Sisson

‎11-20-2012 06:36 AM

Your welcome.

What you did was tell the ASA to carry the traffic ' inside ' the network for the defualt route. Remember that default routes carry all traffic that the device cannot identify specific routing patterns for. The ' no ' infront the command tells the device to disable the rule and the new route tells the device to carry all traffic 'outside' (because thats where you want to forward the traffic to) towards the ISP and to that specific IP you had.

Teaching on how ASA's work requires a course and lots of practice. I suggest you look at the configuration guides Cisco has to offer which are free. Do try to build labs using emulated software like GNS3 if you cannot buy lab equipment.

Joel

_______________________________
Please rate helpful posts and answered questions!

Joel _______________________________ Please rate helpful posts and answered questions!
0 Helpful

Go to solution
Stephen Sisson
Level 1
Level 1
In response to joelgooding

‎11-20-2012 06:46 AM

Thanks for the information showing why we need the static route on the ASA, I will download the ASA guide, we have the GNS3 installed and using the CBT nuggets ASA training series.

Like you said we need practice / practice and some more practice.

Thanks again

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card