Re:ASA to allow internet traffic to multiple networks - Page 2

jwood1650 · ‎04-17-2013

The attached jpeg shows my network. I want to be able to access the internet from all routers behind the ASA. How is that done?

jwood1650 · ‎04-18-2013

So from what I know (not too much...yet) my config should allow my PC connected to the 30.0.36.0/24 network have internet access. I can ping from the CLI on R5 to the ASA, and ASA to R5. I can also ping the ASA from the client PC and visversa. But I can't seem to get to the internet. Do I need a default route statement on all my routers to allow this? I'm stumbted at this point.

jwood1650 · ‎04-18-2013

I have internet access but can't ping out on my ASA just get the ?????

Sent from Cisco Technical Support Android App

Rudy Sanjoko · ‎04-19-2013

That is a normal behaviour as result from your icmp deny any outside command on the ASA, try to remove that line or allow only google ip just for testing purpose. below commands are to allow ping only from 8.8.8.8 to your outside interface and deny any other ip that tries to ping your outside interface.

icmp permit host 8.8.8.8 outside

icmp deny any outside

EDIT: make sure the icmp permit host 8.8.8.8 outside command is above the deny any command.

jwood1650 · ‎04-19-2013

Thanks Rudy, that worked for the ping test....but I still don't have internet access on my client PC. Can't ping 8.8.8.8 form it, but can ping the ASA 10.0.10.1.

Does my config above look right for the Client PC (30.0.36.4) to access the internet?

Do I need another static route on my ASA for the 30.0.36.0 network?

Sorry just at a loss right now with this...

Thanks in advance for the help.

jwood1650 · ‎04-21-2013

Figured it out...just needed to default routes on all my routers. Works just fine now. Thanks all for the help.