Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3527
Views
10
Helpful
5
Replies

ASA not able to ping internet

Waterbird
Level 1
Level 1

‎10-25-2019 06:22 AM

Hello. I'm attempting to configure the ASA in the GNS3 topology show below.  I was able to set up the ASA as a DHCP server to configure the computer, so the inside network appears to be configured correctly.  However, I'm not able to ping google.com or 8.8.8.8 from the ASA. 

 

The NAT node in the diagram is supposed to provide DHCP services.  I configured the ASA's interface gig 0/0 to receive it's IP addressing from DHCP using this command.  It worked, and received an address from the NAT node's pool.

ip address dhcp

I'm assuming, then, that I'm missing some additional configurations on the ASA to make the ASA act as a DCHP client for other things like DNS and the default gateway, which I assume will be sent also by the NAT node once the ASA is configured correctly. I've reviewed the ASA DHCP documentation but only found information there on DHCP server configuration, but nothing on DHCP client configuration for the ASA itself. I also reviewed the GNS3 NAT node documentation and found nothing about what the default gateway address is, or anything that would help me manually configure this. 

 

I've posted the commands I've so far entered in the ASA.  Please advise as to what I'm missing here.  Thanks!

Labels:
Preview file
49 KB
Preview file
24 KB
0 Helpful
5 Replies 5

kubn2
Level 1
Level 1

‎10-25-2019 07:47 AM

Hi,

To make dhcp on ASA to provide default gateway you need use command: dhcpd option 3 ip gateway_ip

On client side there is nothing needed to be configured just switch option on PC to download IP configuration from DHCP server and it should found ASA automatically.

0 Helpful

Rob Ingram
VIP
VIP

‎10-25-2019 07:50 AM

Hi,
Does the ASA itself have a default route? Configure "ip address dhcp setroute", in order for the outside interface to learn the default route via DHCP.

HTH

Waterbird
Level 1
Level 1
In response to Rob Ingram

‎10-25-2019 08:22 AM

I applied the "ip address dhcp setroute" command.  It receives an IP address.  The ASA can can ping 8.8.8.8 but not google.com.  It gives the error invalid hostname.

 

 

0 Helpful

Rob Ingram
VIP
VIP
In response to Waterbird

‎10-25-2019 08:34 AM

You will need to enable DNS domain lookup on the outside interface and define the name server, then you should be able to ping a host name from the ASA.

dns domain-lookup outside
dns name-server 8.8.8.8

Waterbird
Level 1
Level 1
In response to Rob Ingram

‎10-25-2019 08:33 AM - edited ‎10-28-2019 10:51 PM

The question is partially solved, but not completely solved, at least for my topology.  Using the configs recommended above, my ASA can ping the IP address, but not the DNS name, of websites.

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card