01-15-2012 10:39 AM - edited 03-11-2019 03:14 PM
Hi, I hope someone can help me. An ASA5510 (with 1 webserver behind it, just starting to build the cluster) was functioning OK with version 8.2: I was able to log in using RDP to the server behind it from some trusted IPs.
I updated ASDM to the latest version 6.4.7, and then the ASA-software to 8.3.2. After reloading, I could not access the server anymore. I saw that changes were made to the config. Then I updated to version 8.4.3, same results of course, and this is the config. Can anyone help me by telling what I should change to get it working again?
Thx very much!
cisco# sh ru
: Saved
:
ASA Version 8.4(3)
!
hostname cisco
domain-name domainname.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd MOhAB706upGiCD8v encrypted
names
name XX.XX.152.102 ipOutside
name 172.16.152.126 ipInside
name XX.XX.152.126 ipGateway
name XX.XX.154.12 ipTimeServer
name XX.XX.227.113 srcJaapHQ
name XX.XX.36.186 srcJaapHQ2
name XX.XX.74.202 srcCasperHome
name 172.16.152.103 svrWE02_ILO_Inside
name XX.XX.152.103 svrWE02_ILO_Outside
name 172.16.152.104 svrWE02Inside
name XX.XX.152.104 svrWE02Outside
name XX.XX.198.101 srcEvoSwitch
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address ipOutside 255.255.255.224
!
interface Ethernet0/1
nameif inside
security-level 100
ip address ipInside 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
boot system disk0:/asa843-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name webenable.nl
object-group network obj-172.16.152.0
object-group network svrWE02Inside
object-group network svrWE02Outside
object-group network obj_any
object-group network svrWE02_ILO_Outside
object-group network FullyTrustedSources
network-object host srcCasperHome
network-object host srcJaapHQ
network-object host srcJaapHQ2
network-object host srcEvoSwitch
object-group service Services_NonPublic_WE02ILO tcp
port-object eq www
object-group service Services_NonPublic_WE02 tcp
port-object eq 3389
port-object eq www
access-list inside_nat0_outbound extended permit ip any 172.16.152.0 255.255.255.0
access-list Private standard permit 172.16.199.0 255.255.255.0
access-list outside_access_in extended permit icmp object-group FullyTrustedSources any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 ipGateway 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http srcJaapHQ 255.255.255.255 outside
http srcJaapHQ2 255.255.255.255 outside
http srcCasperHome 255.255.255.255 outside
http 172.16.152.0 255.255.255.0 inside
http srcEvoSwitch 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh srcJaapHQ 255.255.255.255 outside
ssh srcJaapHQ2 255.255.255.255 outside
ssh srcCasperHome 255.255.255.255 outside
ssh srcEvoSwitch 255.255.255.255 outside
ssh 172.16.152.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 management
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server ipTimeServer source outside prefer
ssl encryption des-sha1
webvpn
username admin password ztUzXsDyW6EdO7Uz encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:cb5e56b7cbba929561d64f896d7c7076
: end
01-15-2012 12:38 PM
compare the config before the upgrade from 8.2 > 8.3 to see the differences
Sent from Cisco Technical Support iPad App
01-15-2012 12:45 PM
Sure, I did that. I noticed that the configuration syntax has changed, and was converted automatically. Unfortunately not in a correct way. Since I am not familiar with this new syntax, I hope some expert will help me...
01-15-2012 12:53 PM
post the before and after config changes
Sent from Cisco Technical Support iPad App
01-15-2012 01:17 PM
This is the working 8.2 config...
cisco# sh ru
: Saved
:
ASA Version 8.2(3)
!
hostname cisco
domain-name domainname.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd MOhAB706upGiCD8v encrypted
names
name XX.XX.152.102 ipOutside
name 172.16.152.126 ipInside
name XX.XX.152.126 ipGateway
name XX.XX.154.12 ipTimeServer
name XX.XX.227.113 srcJaapHQ
name XX.XX.36.186 srcJaapHQ2
name XX.XX.74.202 srcCasperHome
name 172.16.152.103 svrWE02_ILO_Inside
name XX.XX.152.103 svrWE02_ILO_Outside
name 172.16.152.104 svrWE02Inside
name XX.XX.152.104 svrWE02Outside
name XX.XX.198.101 srcEvoSwitch
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address ipOutside 255.255.255.224
!
interface Ethernet0/1
nameif inside
security-level 100
ip address ipInside 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
boot system disk0:/asa823-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name webenable.nl
object-group network FullyTrustedSources
network-object host srcCasperHome
network-object host srcJaapHQ
network-object host srcJaapHQ2
network-object host srcEvoSwitch
object-group service Services_NonPublic_WE02ILO tcp
port-object eq www
object-group service Services_NonPublic_WE02 tcp
port-object eq 3389
port-object eq www
access-list inside_nat0_outbound extended permit ip any 172.16.152.0 255.255.255.0
access-list Private standard permit 172.16.199.0 255.255.255.0
access-list outside_access_in extended permit icmp object-group FullyTrustedSources any
access-list outside_access_in extended permit tcp object-group FullyTrustedSources host svrWE02_ILO_Outside object-group Services_NonPublic_WE02ILO
access-list outside_access_in extended permit tcp object-group FullyTrustedSources host svrWE02Outside object-group Services_NonPublic_WE02
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) svrWE02Outside svrWE02Inside netmask 255.255.255.255 dns
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 ipGateway 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http srcJaapHQ 255.255.255.255 outside
http srcJaapHQ2 255.255.255.255 outside
http srcCasperHome 255.255.255.255 outside
http 172.16.152.0 255.255.255.0 inside
http srcEvoSwitch 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh srcJaapHQ 255.255.255.255 outside
ssh srcJaapHQ2 255.255.255.255 outside
ssh srcCasperHome 255.255.255.255 outside
ssh srcEvoSwitch 255.255.255.255 outside
ssh 172.16.152.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 management
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server ipTimeServer source outside prefer
ssl encryption des-sha1
webvpn
username admin password ztUzXsDyW6EdO7Uz encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:c1b8bfe8908dc6a75844416f896b1845
: end
01-15-2012 02:47 PM
You are missing config on the outside_in access list, and your NAT config is missing. Fix these 2 things and it should all work for you.
Sent from Cisco Technical Support iPad App
01-16-2012 02:03 AM
Ok, thanks! I made the changes according to this tutorial-video: https://supportforums.cisco.com/docs/DOC-12324
and it works!
Great!
01-16-2012 02:47 AM
For anyone else who needs a simple ASA5510 config with some static routes to use webservers, here's the basic config:
ASA Version 8.4(3)
!
hostname cisco
domain-name domainname.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd MOhAB706upGiCD8v encrypted
names
name XX.XX.152.102 ipOutside
name 172.16.152.126 ipInside
name XX.XX.152.126 ipGateway
name 213.239.154.12 ipTimeServer
name XX.XX.74.202 srcHome
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address ipOutside 255.255.255.224
!
interface Ethernet0/1
nameif inside
security-level 100
ip address ipInside 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name webenable.nl
object network svrWE02
host 172.16.152.104
object network svrWE02ILO
host 172.16.152.103
object-group network FullyTrustedSources
network-object host srcHome
object-group service Services_NonPublic_WE02ILO tcp
port-object eq www
port-object eq https
port-object eq ssh
port-object eq 17990
port-object eq 17988
port-object eq 623
object-group service Services_NonPublic_WE02 tcp
port-object eq 3389
port-object eq www
access-list inside_nat0_outbound extended permit ip any 172.16.152.0 255.255.255.0
access-list Private standard permit 172.16.152.0 255.255.255.0
access-list outside_access_in extended permit icmp object-group FullyTrustedSources any
access-list outside_access_in extended permit tcp object-group FullyTrustedSources host 172.16.152.104 object-group Services_NonPublic_WE02
access-list outside_access_in extended permit tcp object-group FullyTrustedSources host 172.16.152.103 object-group Services_NonPublic_WE02ILO
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
!
object network svrWE02
nat (inside,outside) static XX.XX.152.104
object network svrWE02ILO
nat (inside,outside) static XX.XX.152.103
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 ipGateway 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http srcHome 255.255.255.255 outside
http 172.16.152.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh srcHome 255.255.255.255 outside
ssh 172.16.152.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 management
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server ipTimeServer source outside prefer
ssl encryption des-sha1
webvpn
username admin password ztUzXsDyW6EdO7Uz encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:8b55959660d6ea2b0359d80b83d414bc
: end
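The change this thread turns on, as an added example (not the poster's or Cisco's code): from 8.3 on, an 8.2 `static` line becomes object NAT, and the outside ACL names the server's real inside address instead of the mapped outside one, as the working config above does. The code converts host statics only; the sample config is constructed from the thread's 8.2 lines with documentation-range addresses, and `migrate` and the `obj-<ip>` object names are assumptions.

```python
import re

# Constructed 8.2-style sample modelled on the thread's working config.
# Addresses are documentation ranges, not the poster's real ones.
OLD_CONFIG = """\
name 172.16.152.104 svrWE02Inside
name 203.0.113.104 svrWE02Outside
name 198.51.100.10 srcHome
object-group network FullyTrustedSources
 network-object host srcHome
object-group service Services_NonPublic_WE02 tcp
 port-object eq 3389
access-list outside_access_in extended permit icmp object-group FullyTrustedSources any
access-list outside_access_in extended permit tcp object-group FullyTrustedSources host svrWE02Outside object-group Services_NonPublic_WE02
static (inside,outside) svrWE02Outside svrWE02Inside netmask 255.255.255.255 dns
access-group outside_access_in in interface outside
"""

NAME_RE = re.compile(r"^name (\S+) (\S+)")
# 8.2 order: static (real_if,mapped_if) MAPPED REAL netmask ...
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255( dns)?\s*$")


def migrate(config):
    """Return (object_nat_lines, rewritten_acl_lines) for host statics."""
    lines = [line.rstrip() for line in config.splitlines()]

    # "name <ip> <alias>" lets the rest of the config use aliases.
    names = {}
    for line in lines:
        m = NAME_RE.match(line)
        if m:
            names[m.group(2)] = m.group(1)

    def resolve(token):
        return names.get(token, token)

    nat, mapped_to_real = [], {}
    for line in lines:
        m = STATIC_RE.match(line)
        if not m:
            continue
        real_if, mapped_if, mapped, real, dns = m.groups()
        mapped_ip, real_ip = resolve(mapped), resolve(real)
        mapped_to_real[mapped_ip] = real_ip
        # 8.3+ object NAT: the object holds the real host, the nat line
        # inside it names the mapped address.
        nat += [f"object network obj-{real_ip}",
                f" host {real_ip}",
                f" nat ({real_if},{mapped_if}) static {mapped_ip}{dns or ''}"]

    def fix_host(m):
        # Swap a mapped address for its real one; leave other hosts alone.
        return "host " + mapped_to_real.get(resolve(m.group(1)), m.group(1))

    acls = [re.sub(r"\bhost (\S+)", fix_host, line)
            for line in lines if line.startswith("access-list ")]
    return nat, acls


if __name__ == "__main__":
    nat_lines, acl_lines = migrate(OLD_CONFIG)
    print("\n".join(acl_lines + nat_lines))
```
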
04-18-2012 04:41 AM
Hello,
Could you help please?
I have the same problem as yours. I upgraded from 8.0 to 8.4(2), but I can access Internet at the moment.
Would you try to explain how to configure your NAT please?
In my case I have these:
nat (inside) 1 0 0
global (outside) 1 interface
nat (inside) 0 access-list inside-nat0-outbound
global (inside) 2 interface
I would be glad of your feedback.
Cheers
04-18-2012 05:06 AM
The upgrade does make some 'changes' but in my case the firewall did not function anymore. I'll try to help you, but first you should tell what you want the ASA to do _exactly_.
04-18-2012 05:30 AM
I just want to be connected to the Internet, although my ASA5510 are in Active/Standby mode
04-24-2012 12:30 AM
Ok, then you should add a static route like this (for one server to access the internet),
where YourInsideServerIP could be like 10.0.0.1, YourGatewayIP 10.0.0.254
object network YourServerName
host YourInsideServerIP
object network YourServerName
nat (inside,outside) static YourOutsideIP
access-list inside_nat0_outbound extended permit ip any 10.0.0.0 255.255.255.0
access-list Private standard permit 10.0.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 YourGatewayIP 1