01-27-2015 06:38 AM - edited 03-11-2019 10:24 PM
I have configured an ASA 5505 with version 9.2.1 from scratch. I have set up my internal network 10.1.1.0/24 on VLAN 1 and VLAN2 to get IP Add and route via DHCP. I also have set up pat to use the outside address so users can reach the internet. DHCP has been set up as well.
When I connect with a PC it goes out to the internet and everything is okay. As soon as I try to get the second, third, ect devices to the internet it will not allow me.
Has anyone seen this before or is there anything I am doing wrong?
01-27-2015 07:37 AM
Hi,
Can't say I see any problem with the actual configurations.
Have you monitored the logs from the ASA through ASDM to see what happens to the other hosts when they try to connect?
If you happen to have a Base License ASA5505 that should already mean that you should be able to have 10 hosts behind the ASAs "inside" interface before the ASA starts blocking connections from other hosts. Is there any possibility that devices are connect to the network with the ASA that have already taken up the limit of 10 users?
You could first check the actual license with
show version
You could then check how many hosts against the limit/license the device itself is seeing
show local-host
The output should be at the very start of the output. Other information is related to the hosts and their connections and translations.
I think I have seen some posts in the past that say that the 10 user limit is not working correctly and there has possibly been some bug. You can always try rebooting the firewall (save configuration first)
If for some odd reason the Dynamic PAT configurations (which is fine) does not work we can try another configuration format like below
nat (inside,outside) after-auto source dynamic any interface
In that case you could remove the original NAT configuration.
But I would assume with the above "show" commands and just looking at the ASDM logs you should be able to determine what the problem is.
- Jouni
01-27-2015 12:34 PM
Thank you for your reply I will try this and let you know what I find out.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide