08-25-2010 08:34 AM - edited 03-11-2019 11:30 AM
Hello.
I have a CISCO ASA firewall. The network looks like:
LAN > L2 Switch > ASA E0/1 - ASA E0/0 > ISP
The interface E0/0 is connected to the ISP end & interface E0/1 is connected to my LAN of a few PCs via an L2 switch.
The problem I am facing is that I cannot reach the internet from my LAN PCs. I cannot even browse the web. Maybe the ASA is blocking the traffic.
I can ping the interface E0/1.
FYI, the running configurations are attached. Need suggestions please. Thanks in advance.
Regards.
Sakibnaz.
08-25-2010 08:40 AM
Hello,
Please remove the following line:
static (External,Internal) 172.16.1.130 0.0.0.0 netmask 255.255.255.255
Regards,
NT
08-25-2010 10:19 AM
Hello,
The NAT configuration mentioned in the previous post might be introducing some issues. Just a follow-up question, I see the following commands in your configuration:
access-list External_access_in_V1 extended permit tcp any host 172.16.1.130
access-group External_access_in_V1 in interface External
Are you trying to allow all outside users to access internal host 172.16.1.130? Since you are running software version 7.0 on the ASA, the current ACL will never work, because outside users will need to access this host on a public IP address and not an internal IP address. If you have a usable external IP address assigned by your ISP that you would like to use for this host, then you will need to configure the following:
access-list External_access_in_V1 extended permit tcp any host
access-group External_access_in_V1 in interface External
static (Internal,External)
Hope that helps.
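The two points raised in the replies (the `static` line to remove, and an inbound ACL on the External interface that names a private address with no matching `static (Internal,External)` translation) can be checked mechanically. The following is an added example, not part of the thread: a small Python lint over constructed pre-8.3 config lines, where 203.0.113.10 is a documentation address standing in for an ISP-assigned public IP and `lint` is a hypothetical helper.

```python
import ipaddress
import re

# Constructed samples in pre-8.3 ASA syntax. 203.0.113.10 is a documentation
# address used as a placeholder public IP; it does not come from the thread.
BROKEN = """\
static (External,Internal) 172.16.1.130 0.0.0.0 netmask 255.255.255.255
access-list External_access_in_V1 extended permit tcp any host 172.16.1.130
access-group External_access_in_V1 in interface External
"""
FIXED = """\
static (Internal,External) 203.0.113.10 172.16.1.130 netmask 255.255.255.255
access-list External_access_in_V1 extended permit tcp any host 203.0.113.10
access-group External_access_in_V1 in interface External
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask
STATIC = re.compile(r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+) netmask \S+", re.M)
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)", re.M)


def lint(config, outside="External"):
    """Return findings for the two problems discussed in the replies."""
    findings = []
    mapped_on_outside = set()
    for real_if, mapped_if, mapped_ip, real_ip in STATIC.findall(config):
        if mapped_if == outside:
            mapped_on_outside.add(mapped_ip)
        if real_ip == "0.0.0.0":
            findings.append(f"static ({real_if},{mapped_if}) translates 0.0.0.0")
    for acl, iface in GROUP.findall(config):
        if iface != outside:
            continue
        # Only the simple "permit <proto> any host <ip>" form is handled here.
        dest = re.compile(
            rf"^access-list {re.escape(acl)} extended permit \S+ any host (\S+)", re.M)
        for host in dest.findall(config):
            addr = ipaddress.ip_address(host)
            if any(addr in net for net in RFC1918) and host not in mapped_on_outside:
                findings.append(
                    f"{acl} permits private host {host}, not a mapped address on {outside}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint(cfg))
```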