Dear Mr.Marvin Rhoads ,

Thanks for your replay as per enclosed config on interface GigabitEthernet0/1 we connected directly to one system and given lan ip dhcp on systems dhcp ip is resolved from system we able to ping to ASA geteway ip but from system we are not getting internet.we are not  configured any host .

We have fortigate firewall find the enclosed FG configure we want to replace FG to ASA5525-SSD120-K9 please suggest me how to configure on ASA.

What test are you using to "get Internet"?

I would suggest you do the following to clean up the config:

1. remove the global ACL allowing ip any-any

2. remove the application of outside service-policy and

3. add the icmp inspection to the global policy.

conf t

no access-group 101 global

no service-policy outside-policy interface outside

policy-map global_policy
class inspection_default
  inspect icmp

end
wr mem

Then provide output of the following commands from the ASA:

ping 4.2.2.2

packet-tracer input inside icmp 192.168.5.11 0 0 4.2.2.2 detailed

Dear Sir,

Please give me basic commands for 5525X for inter net configuration to local system.

On 5510 if i given these commands i getting internet to local systems, but same commands not allowed to 5525X suggested me commands on Version 9.1(3) 

nat-control
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1.

We have lic file how can i get licence to asa we need key for activate the license.

When you say license file what type of license are you talking about?

There is an ASA feature license and an ASA CX Net Generation Firewall subscription license file.

The ASA feature license is delivered in the for of a Product Activation Key (PAK) which you use to get an activation-key for the ASA. You can go to http://www.cisco.com/go/license to obtain that activation-key.

If you have an NGFW license file you install and activate that using the PRSM interface.

On http://www.cisco.com/go/license i done the register licence for 

Description: ASA 5525-X AVC,WSE, IPS 3 Year 

and with lic file se got the instruction from cisco as per below.

Follow these steps to install your ASA-CX license file:

1.       Select Administration > Licenses.
2.       Select I want to > Upload License File.
3.       In the Upload License File panel, click Browse and select the license file from your workstation or network drive.
4.       Click Upload.

where can  i found the step 1

1.       Select Administration > Licenses.

please suggest me

Did you try the commands I already gave you earlier?

The ones you listed above (nat-control etc.) are old style Pix / pre 8.3 syntax. The ones in the initial configuration you posted look OK with the changes I suggested already.

As Marvin has mentioned, your config looks fine for access to the internet.

could you please run a packet tracer which might shed some light on what is happening:

packet-tracer input inside tcp 192.168.5.20 12345 4.2.2.2 80 detail

Post the output here.

--

Please remember to select a correct answer and rate helpful posts