Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1678
Views
0
Helpful
9
Replies

Cisco 5510 - Unable to connect to the internet

andyferguson1977
Level 1
Level 1

‎10-09-2018 06:10 AM - edited ‎02-21-2020 08:20 AM

Hi All

Can you please help me.

My comcast modem is in bridge mode and i'm unable to connect to the internet.

Ethernet0/0 is up put I can't browse the web or even ping google.com

Please see config below..................Thanks

interface Ethernet0/0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.198.1.100 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.46 255.255.255.0
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 4.2.2.2
domain-name strategiclynk.local
object service RDP-Service-Custom
service tcp destination eq 12012
object network obj-0.0.0.0
subnet 0.0.0.0 0.0.0.0
description Inside to go to internet
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
icmp permit any echo outside
no asdm history enable
arp timeout 14400
!
nat (inside,outside) after-auto source dynamic any interface
route outside 0.0.0.0 0.0.0.0 73.139.42.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.46 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 management
http 192.168.1.0 255.255.255.255 management
http authentication-certificate inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=CL-ASA-FW
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 79bbb25b
308201fb 30820164 a0030201 02020479 bbb25b30 0d06092a 864886f7 0d010105
05003042 31123010 06035504 03130943 4c2d4153 412d4657 312c302a 06092a86
4886f70d 01090216 1d434c2d 4153412d 46572e73 74726174 65676963 6c796e6b
2e6c6f63 616c301e 170d3138 31303032 31373135 34305a17 0d323830 39323931
37313534 305a3042 31123010 06035504 03130943 4c2d4153 412d4657 312c302a
06092a86 4886f70d 01090216 1d434c2d 4153412d 46572e73 74726174 65676963
6c796e6b 2e6c6f63 616c3081 9f300d06 092a8648 86f70d01 01010500 03818d00
30818902 818100e3 f9b02552 79da8ba2 d458c649 419bd200 473cf577 862b786d
3ef20506 3c0dc05f df0e285c 8333ac59 e0494190 d8d300da 1b104102 808e6f0c
dcf0ecb4 b92bb516 03882305 8d3dc890 1c0b0ee9 f8a597fe ec43a354 845bb666
26cd6a3a 658591ff c3e3bf7b c20c1d4d 934850b7 77257b29 a3c3bfa4 4cd02e23
2f3c7a25 d5d0e502 03010001 300d0609 2a864886 f70d0101 05050003 8181000e
fafe821d 080cfd79 96dc5f6a 3f80f569 42e68cfd ff950c7b 45caf35a f4ded579
12ee5725 fd362406 348f4542 83957b25 cd95aca1 2281fd98 380ab705 be242010
747bf721 45522a44 a1409f29 a1d310dd bc4fbfc3 742f8aa4 54023c1e 9535ee8b
6fe6872c e51fe90c 934a9d22 d0a711a6 667440a8 fd49bb25 e3f998b7 86e0c2
quit
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username strategiclynk password o.JsKSZ8AvKIe7Gf encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:efc63cf58c45ea76ec68762a4744d366

 

 

0 Helpful
9 Replies 9

Ajay Saini
Level 7
Level 7

‎10-09-2018 06:41 AM

Hello,

 

Looks like the ASA is configured as a DHCP client, does it receive an ip address from ISP:

 

check output of 'show ip' and 'show route'

 

Is this a new setup or something changed? For testing, you can connect a laptop to modem and see if it gets an ip address from modem.

 

HTH

AJ

 

 

0 Helpful

andyferguson1977
Level 1
Level 1
In response to Ajay Saini

‎10-09-2018 07:21 AM

Yes, it's getting an IP address but I still cannot connect to the internet.

 

0 Helpful

andyferguson1977
Level 1
Level 1
In response to Ajay Saini

‎10-09-2018 07:22 AM

Do I need an access list

0 Helpful

evlaa1990
Level 1
Level 1
In response to andyferguson1977

‎10-09-2018 07:39 AM

Can you ping the gateway of your default route from the ASA or from an inside client? 

0 Helpful

andyferguson1977
Level 1
Level 1
In response to Ajay Saini

‎10-09-2018 07:22 AM

Unable to ping to google.com also

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to andyferguson1977

‎10-09-2018 09:56 AM

what is your Device IP, can you ping your gateway, if yes can you try ping 8.8.8.8

can you post the details of the above to assists and understand better.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

andyferguson1977
Level 1
Level 1
In response to balaji.bandi

‎10-09-2018 04:19 PM

Hi Friend

I cannot ping the device gateway or 8.8.8.8 

0 Helpful

andyferguson1977
Level 1
Level 1
In response to andyferguson1977

‎10-09-2018 07:00 PM

Can someone help, please

0 Helpful

Ajay Saini
Level 7
Level 7
In response to andyferguson1977

‎10-09-2018 09:12 PM

Hello,

 

If you are unable to reach the gateway, its likely that its an ISP issue. As I mentioned earlier, do you get same results when connecting a laptop instead of the ASA. Try checking with ISP if the issue happens with laptop as well.

 

For the ping from-the-box you don't need an access list.

 

HTH
AJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card