09-06-2015 09:32 AM - edited 03-11-2019 11:33 PM
Hello!
I am having connectivity issues with clients/devices behind my 5505 connecting to the Internet. I do not have a public static IP but I am using a pass through feature that AT&T has that will assign a dhcp Public IP and pass through the modem to a specified device (I set to my 5505). This part is working properly. I attached a simple drawing I made of my network to visualize what I am talking about. I also posted the show runs of R2 and the 5505. To give a brief summary:
From the 5505:
I can get out to the Internet
I can ping any interface inside my network
I can ping any client inside my network
From R2 and PC A:
I can ping to 10.10.0.1 (the 5505)
I can not ping anything on the Internet (like 8.8.8.8 for example)
If I do a tracert on PC A to 8.8.8.8, it will reach 10.10.0.9 (R2) and then timeout
If I do a traceroute on R2 to 8.8.8.8, it will timeout immediately
I have been troubleshooting and googling but I am still having this issue. I will be honest and say I don't have much experience or knowledge of firewalls and I am trying to learn as I go. If I need to post any other configs just let me know. Please forgive me for any dumb mistakes I made! :)
R2 show run:
R2#sh run
Building configuration...
Current configuration : 2237 bytes
!
! Last configuration change at 19:06:59 UTC Sat Sep 5 2015
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811 sn FHK1403F3FU
archive
log config
hidekeys
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 209.165.200.1 255.255.255.0
shutdown
!
interface Loopback1
ip address 10.10.10.101 255.255.255.252
!
interface Loopback2
no ip address
shutdown
!
interface Loopback3
no ip address
shutdown
!
interface FastEthernet0/0
ip address 10.10.0.2 255.255.255.252
ip helper-address 10.10.0.1
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.0.9 255.255.255.252
ip helper-address 10.10.0.1
duplex auto
speed auto
!
router ospf 1
redistribute static subnets
network 10.10.0.0 0.0.0.3 area 0
network 10.10.0.8 0.0.0.3 area 0
network 10.10.10.100 0.0.0.3 area 0
default-information originate
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
logging esm config
nls resp-timeout 1
cpd cr-id 1
!
!
!
!
!
tftp-server flash:P00308000500.bin
tftp-server flash:P00308000500.loads
tftp-server flash:P00308000500.sb2
tftp-server flash:P00308000500.sbn
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
telephony-service
max-ephones 40
max-dn 140
ip source-address 10.10.10.101 port 2000
load 7960-7940 P00308000500
keepalive 15
max-conferences 8 gain -6
transfer-system full-consult
create cnf-files version-stamp Jan 01 2002 00:00:00
!
!
ephone-dn 1 dual-line
number 1111
name Test1
!
!
ephone-dn 3 dual-line
number 3333
name Test2
!
!
ephone 1
device-security-mode none
mac-address 000F.245D.9576
button 1:1
!
!
!
ephone 3
device-security-mode none
mac-address 000A.F408.37EF
button 1:3
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
5505 show run:
DASHASA01# sh run
: Saved
:
ASA Version 8.0(4)
!
hostname DASHASA01
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
shutdown
no nameif
security-level 100
no ip address
!
interface Vlan2
description OUTSIDE
nameif outside
security-level 0
ip address dhcp setroute
!
interface Vlan3
description INSIDE
nameif inside
security-level 100
ip address 10.10.0.1 255.255.255.252
!
interface Vlan4
shutdown
no nameif
no security-level
no ip address
!
interface Vlan10
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
switchport access vlan 3
speed 100
duplex full
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa804-k8.bin
ftp mode passive
access-list INSIDE_LAN extended permit ip 10.0.0.0 255.0.0.0 any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
route inside 10.0.0.0 255.0.0.0 10.10.0.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname context
: end
09-07-2015 09:28 AM
Duplicate Post:-
https://supportforums.cisco.com/discussion/12599441/internet-connectivity-issues-behind-my-5505#comment-10769856
Thanks and Regard,
Vibhor Amrodia
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide