Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
474
Views
0
Helpful
3
Replies

ASA 5508-x default routes

Go to solution
paradise3net
Level 1
Level 1

‎08-15-2022 09:01 AM

Hello,

This is my first ASA lab building and I have a noobie issue.

This is my ip table routes:

Router-1# show route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 192.168.15.1 to network 0.0.0.0

S* 0.0.0.0 0.0.0.0 [1/0] via 192.168.15.1, INTERNET
C 10.0.0.0 255.255.255.0 is directly connected, INSIDE
L 10.0.0.1 255.255.255.255 is directly connected, INSIDE
C 192.168.15.0 255.255.255.0 is directly connected, INTERNET
L 192.168.15.3 255.255.255.255 is directly connected, INTERNET

I have a computer connected to the INSIDE interface (10.0.0.1) with static ip 10.0.0.5/24

I cannot reach the internet from that computer and I have no clue why.
I can ping 8.8.8.8 from the ASA, but not from the computer.

Internet is 192.168.15.3 

From the computer (10.0.0.5) I can reach the ASA INSIDE interface (10.0.0.1) but not the INTERNET one 192.168.15.3.

 

Thank you,

Laurentiu

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎08-15-2022 09:09 AM

@paradise3net have you configured NAT? You can create an object to represent your internal network and then enable nat behind the outside interface

Example:

object network INTERNAL
 subnet 10.0.0.0 255.255.255.0
 nat (INSIDE,INTERNET) dynamic interface

 

View solution in original post

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎08-15-2022 09:11 AM

two point
ICMP inspection must be enable 
Dynamic NAT must config 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎08-15-2022 09:09 AM

@paradise3net have you configured NAT? You can create an object to represent your internal network and then enable nat behind the outside interface

Example:

object network INTERNAL
 subnet 10.0.0.0 255.255.255.0
 nat (INSIDE,INTERNET) dynamic interface

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎08-15-2022 09:11 AM

two point
ICMP inspection must be enable 
Dynamic NAT must config 

0 Helpful

Go to solution
paradise3net
Level 1
Level 1

‎08-15-2022 11:33 AM

Thank you guys, I really appreciate your help.

NAT was the issue  

The configuration is a little bit different from what I used to know (5 years ago I achived CCNA but not practice since ) .

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card