cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
29253
Views
0
Helpful
3
Replies

ASA 5510 - Failed to locate egress interface

Jeremy Morris
Level 1
Level 1

having a bit of trouble setting up our 5510.  None of us have ever played with a firewall before.  We've got most of the basics covered.  I was able to get to the outside world to do a software update to the box, but my laptop that sits in the inside can't see the outside.  We only have the default access rules in place at the moment.  Our old ISA firewall rules don't really translate all that well to this new box.

Thanks.

Jeremy                  

3 Replies 3

r_j_gale
Level 1
Level 1

Hi Jeremy,

There can be a number of things, firstly I'd say check the following

1) Are you running nat-control (sh run nat-control)

2) Do you have any nats setup ( sh run nat, sh run global, sh run static)

3) Check your inside access-list if defined, if not ensure your inside security level is higher than your outside security level.

4) finaly try a packet-trace which should give you some cryptic output, but will help...

    packet-trace input inside icmp 192.168.1.16 8 0 4.2.2.2

(this will do a echo (type 8 code 0) request from interface named "inside" 192.168.1.16 to 4.2.2.2 and shows if its allowed or will be dropped, if the above doesnt help, post the output of this into the errr...post!

Cheers,

Rich