12-15-2013 11:35 AM - edited 03-11-2019 08:18 PM
I have the following scenario in a branch office:
A ASA 5505 connected to Core Switch(there is only one in this branch location) and a TMG Forefront Server connected to an ASA inside port.
The external port e0/0 is connected to the ADSL provider.
My ASA is configured as you can see below, but i don't have Internet even in the TMG Forefront. But i can ping external IPs inside ASA. My proxy IP configuration is like this:
TMG IP Config:
IP: 10.100.17.55
Mask: 255.255.255.192
Gw: 10.100.17.1/10.100.17.10
ADSL IP Config(Static):
IP: 189.39.115.158
Mask: 255.255.255.252
Gw: 189.39.115.157
DNS: 10.5.1.1/10.5.1.2
ASA 5505 Config:
name 189.39.115.158 websrv-ext
name 10.100.17.55 websvr-int
interface Vlan1
nameif inside
security-level 100
ip address 10.100.17.10 255.255.255.192
!
interface Vlan2
nameif outside
security-level 50
ip address websrv-ext 255.255.255.252
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.5.1.1
name-server 10.5.1.2
name-server 10.100.16.24
name-server 10.100.27.150
domain-name br.abb.com
access-list 10 extended permit icmp interface inside any
access-list 10 extended permit icmp any interface inside
access-list 20 extended permit udp interface inside interface outside eq domain
access-list 20 extended permit udp interface outside interface inside eq domain
access-list 21 extended permit udp interface inside interface outside eq bootps
access-list 21 extended permit udp interface outside interface inside eq bootps
global (outside) 1 interface
static (inside,outside) interface websvr-int netmask 255.255.255.255 dns
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 189.39.115.157 1
******************************************************************************
Could you please help me, so i can have Internet in TMG Forefront and other stations?
Any help will be apreciated!
12-16-2013 10:25 PM
enable
config t
no static (inside,outside) interface websvr-int netmask 255.255.255.255 dns
nat (inside) 1 0 0
no access-group inside_access_in in interface inside
clear xlate
show arp
show route
Value our effort and rate the assistance!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide