Re: Cant access the internet from LAN.

ecala · ‎10-07-2013

xx

johnlloyd_13 · ‎10-07-2013

hi,

could you add:

interface vlan x

nameif outside

ip address OR ip address dhcp setroute

int eth0/0

switchport access vlan x

route outside 0 0 // FOR STATIC IP

object network INSIDE_SEGMENT

subnet 10.10.0.0 255.255.255.224

nat (any,outside) dynamic interface

narawat · ‎10-08-2013

Hi,

As you mentioned that you can ping websites from internal LAN and cannot open the pages, This clearly states that this is an issue with the dns resolution.

Next thing the configuration shows that you are not using this firewall as internet gateway, so if you can get us the topology that you are using, it would be lot better to comment on the issue that you are facing.

Also if you can get us the output for packet-tracer on the ASA.

packet-tracer input inside udp 10.10.0.55 1234 4.2.2.2 53 detailed

packet-tracer input inside tcp 10.10.0.55 1234 4.2.2.2 80 detailed

Cheers,

Naveen

Oscar Castillo · ‎10-09-2013

- 1 Create an object:

object network internet

subnet 0.0.0.0 0.0.0.0

- 2 Create an ACL

access-list outside_in extended permit icmp any any object-group ICMP

access-list outside_in extended permit icmp any interface outside

access-list outside_in remark Internet - (Just a description)

- 3 Create a NAT

object network internet

nat (inside,outside) dynamic interface

- 4 Create an Access Group (Should be named as the ACLs)

access-group outside_in in interface outside

Regards,

cant