cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
491
Views
0
Helpful
2
Replies

CISCO ASA_Blocking all traffic

md.sakibnaz
Level 1
Level 1

Hello.

I have a CISCO ASA firewall. The network looks like:


LAN > L2 Switch > ASA E0/1 - ASA E0/0 > ISP

The interface E0/0 is connected to the ISP end & intercafe E0/1 is connected to my LAN of few PC via a L2 switch.

The problem I am facing is, I can not go internet from my LAN PC. Even I can not web browse. May be the ASA is blocking the traffic's.

I can ping the interface E0/1.

FYI, the runing configurations are attached. Need suggestion please. Thanks in advance.

Regards.

Sakibnaz.

2 Replies 2

Nagaraja Thanthry
Cisco Employee
Cisco Employee

Hello,

Please remove the following line:

static (External,Internal) 172.16.1.130 0.0.0.0 netmask 255.255.255.255

Regards,

NT

Allen P Chen
Level 5
Level 5

Hello,

The NAT configuration mentioned in the previous post might be introducing some issues.  Just a follow-up question, I see the following commands in your configuration:

access-list External_access_in_V1 extended permit tcp any host 172.16.1.130

access-group External_access_in_V1 in interface External

Are you trying to allow all outside users to access internal host 172.16.1.130?  Since  you are running software version 7.0 on the ASA, the current ACL will never work, because outside users will need to access this host on a public IP address and not an internal IP address.  If you have a usable external IP address assigned by your ISP that you would like to use for this host, then you will need to configure the following:

access-list External_access_in_V1 extended permit tcp any host

access-group External_access_in_V1 in interface External

static (Internal,External) 172.16.1.130 netmask 255.255.255.255

Hope that helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: