cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
545
Views
0
Helpful
3
Replies

Cisco ASA Problem

Desmond Smith
Level 1
Level 1

I have configured an ASA 5520 and I configured and inside and an outside interface.

From the asa I can ping the internet (8.8.8.8) and also the internal network computers.
 

From my internal laptop I can ping internal computers and the inside interface of the ASA but I cant get to the internet.

 

Can anyone please shed some light on what may be going on? From the ASA everything looks good as I can ping inside and outside but the internal network cant get to the Internet.

 

 

Thanks,

Desmond

1 Accepted Solution

Accepted Solutions

nofori1382
Level 1
Level 1

You just have to enable dynamic NAT before the inside host can ping the outside network. Use this command.

example:

nat (inside,outside) source dynamic any interface.

 

 

View solution in original post

3 Replies 3

There are multiple things that could go wrong:

  1. Problem with NAT
    Do you have a dynamic NAT-rule for your test-traffic?
  2. Problem with Access-control
    If there is an ACL on the inside interface, does it allow the needed traffic to the internet? Just because you can ping to the ASA doesn't mean that you can ping through the ASA.
  3. Wrong default-gateway on the PC
  4. Wrong testing
    If you only test with ping, that can fail because by default ICMP is not stateful. You have to enable the ICMP-inspection or test with real traffic like http.

The easiest way to find out is the packet-tracer:

packet-tracer input inside tcp 10.10.10.10 1234 1.2.3.4 80

replace 10.10.10.10 with an IP from your internal subnet.

Thanks for the help it was a NAT issue.

nofori1382
Level 1
Level 1

You just have to enable dynamic NAT before the inside host can ping the outside network. Use this command.

example:

nat (inside,outside) source dynamic any interface.

 

 

Review Cisco Networking for a $25 gift card