Solved: CISCO ASA 5510

antrikos_kal · ‎09-27-2018

Hi people!

I have an issue, while it shows that I am connected to a network and it's having internet.I can't open pages.I suspect it's a dns issue or a routing one.I paste you my config.

asa5510(config)# show conf

: Saved

: Written by enable_15 at 08:45:59.679 UTC Fri Sep 28 2018

!

ASA Version 8.2(3)

!

hostname asa5510

enable password q8T4CMxktyniQ6iM encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 192.168.1.2 255.255.255.0

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.1.1.2 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

shutdown

no nameif

no security-level

no ip address

management-only

!

ftp mode passive

pager lines 24

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-634.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 10.1.1.0 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

http server enable

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd dns 212.205.212.205 195.170.0.1

dhcpd auto_config outside

!

dhcpd address 10.1.1.3-10.1.1.15 inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:9d4c03e5cc68024fa6d8952772f2b20b

any help would be really appreciated.

balaji.bandi · ‎09-27-2018

Quickly looked at your configuration, lets start with checking below command. test and advise.

route outside 0.0.0.0 0.0.0.0 10.1.1.0 1 <--- 192.168.1.X

example like this

config t

!

no route outside 0.0.0.0 0.0.0.0 10.1.1.0 1

route outside 0.0.0.0 0.0.0.0 192.168.1.X 1 ((X is your outside internet gateway IP)

!

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎09-27-2018

Quickly looked at your configuration, lets start with checking below command. test and advise.

route outside 0.0.0.0 0.0.0.0 10.1.1.0 1 <--- 192.168.1.X

example like this

config t

!

no route outside 0.0.0.0 0.0.0.0 10.1.1.0 1

route outside 0.0.0.0 0.0.0.0 192.168.1.X 1 ((X is your outside internet gateway IP)

!

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

antrikos_kal · ‎09-27-2018

Ok, thank you very much, will try it when back home, I am out for coffee.I am an ex PIX, I had a PIX 515E.I am new as snow to ASA technology.

Really appreciate your help.

antrikos_kal · ‎09-28-2018

That worked, thank you very much.Greetings from Greece.

antrikos_kal · ‎09-28-2018

Houston, we've got a problem!

after a while loses internet.i need to mark here that my eth cable is damaged.it could be the cable or the dns?we have a bad weather here btw.

antrikos_kal · ‎09-28-2018

I noticed that If I reload the asa it connects.

antrikos_kal · ‎09-28-2018

It's probably a dns issue from my isp.I switched to OpenDNS and for almost an hour now doesn't seem to drop internet.I will let you know.I will keep uptime for a day or two and we'll close the thread.Thanks.

balaji.bandi · ‎09-28-2018

No problem keep us post how it goes...

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

antrikos_kal · ‎09-28-2018

Good morning from Greece,

I was online all night.It's stable.Thank you very much friend.Your help was precious to me.I am really enjoying it.I have many cisco press books for ASA/PIX/FWSM.Will study them to help me secure them.

Sincerely yours,

Andrew A. Karydis.