09-01-2012 08:59 PM - edited 03-11-2019 04:48 PM
Dear All,
I have an ASA 5505 behind my internet router. I have only one public IP, configured on the router's outside interface. The 192.168.20.0/24 subnet is configured between the ASA and the router, and the inside network is 192.168.10.0/24 (please refer to the attached diagram).
I have exposed my mail server and FTP server to the public through static PAT on the router and the ASA, with the same public IP on the router's outside interface. I am facing an issue: on some of the machines inside my network the internet is not working (actually DNS is not resolving), on some of the PCs the internet is working fine, and on some of the PCs it works randomly. I have attached the diagram and the ASA config. After this issue is sorted out I need to configure an L2L VPN to my head office. Kindly help to find the issue.
Thanks in Advance..
Shanil
09-02-2012 06:49 AM
Hi Shanil,
"some of the machines inside my network internet is not working(actually DNS is not resolving) some of the PC's internet is working fine some of the PC's randomly working"
Assuming all the PC configs (IP/subnet/DNS/physical connectivity etc.) are correct, does the ASA have the required license, or a limited-hosts (50) license?
I have seen postings related to L2L config scenarios similar to yours, please search the forum. Feel free to post any questions to resolve any issue though.
hth
MS
09-02-2012 07:15 AM
Hi Bro
With regard to your issue, is there any show logging output from the time of the issue that you could paste here? By the way, if I were you, I would keep the Cisco ASA as a pure firewall and run the NAT, VPN etc. on the Cisco router instead.
Please do paste the show version output as well. How many LAN users do you have behind the FW?
09-02-2012 11:54 PM
Dear Ramraj/MS
The internet router is not Cisco, it's segam from Morocco telecom and won't support L2L VPN (that makes things difficult). If I remove the ASA and connect my network directly to this internet router, everything works fine (this is the current setup).
A partial L2L configuration is there in the ASA for connecting to my HO, but first we need to resolve this issue, then proceed with the site-to-site VPN.
I will post the sh logging shortly. Appreciate your help to resolve the issue.
Thanks
Shanil
09-03-2012 07:38 AM
09-03-2012 07:51 AM
Hi Bro
mvsheik123 is correct. Your Cisco ASA 5505 currently comes with a 10-User Bundle license. I believe you have more than 10 IP addresses from your LAN that pass through the Cisco ASA 5505. For this reason, you're currently facing intermittent network connectivity issues with regard to DNS. I know this because of the error message seen in the show logging output that you provided:
%ASA-4-450001: Deny traffic for protocol 17 src inside:192.168.10.28/51810 dst outside:212.217.0.1/53, licensed host limit of 10 exceeded.
Moving forward, you'll need to upgrade your Cisco ASA 5505 to either ASA5505-50-BUN-K9 license or ASA5505-UL-BUN-K9 license or ASA5505-SEC-BUN-K9 license (this is preferred).
P/S: If you think this comment is useful, please do rate it nicely :-)
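A way to check a saved show logging capture for the condition described in the reply above, as an added example that is not part of the original thread: it parses %ASA-4-450001 messages and reports which inside hosts were denied by the licensed host limit and how many of those denials were DNS. The function name and all sample lines except the first 450001 message are constructed for illustration.

```python
import re
from collections import Counter

# Layout of %ASA-4-450001, taken from the message quoted in the thread.
HOST_LIMIT_RE = re.compile(
    r"%ASA-4-450001: Deny traffic for protocol (?P<proto>\d+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+), "
    r"licensed host limit of (?P<limit>\d+) exceeded"
)

# Constructed sample: only the first 450001 message is from the thread;
# timestamps and the other lines are made up for illustration.
SAMPLE_LOG = """\
Sep 03 2012 07:30:01: %ASA-4-450001: Deny traffic for protocol 17 src inside:192.168.10.28/51810 dst outside:212.217.0.1/53, licensed host limit of 10 exceeded.
Sep 03 2012 07:30:02: %ASA-6-302015: Built outbound UDP connection 4711 for outside:212.217.0.1/53 (212.217.0.1/53) to inside:192.168.10.5/49200 (192.168.20.2/49200)
Sep 03 2012 07:30:04: %ASA-4-450001: Deny traffic for protocol 17 src inside:192.168.10.31/51922 dst outside:212.217.0.1/53, licensed host limit of 10 exceeded.
Sep 03 2012 07:30:09: %ASA-4-450001: Deny traffic for protocol 6 src inside:192.168.10.28/49733 dst outside:203.0.113.10/80, licensed host limit of 10 exceeded.
Sep 03 2012 07:30:11: %ASA-4-450001: Deny traffic for protocol 17 src inside:192.168.10.31/51923 dst outside:212.217.0.1/53, licensed host limit of 10 exceeded.
"""


def summarize_host_limit_denials(log_text):
    """Group license-limit denials by inside source address."""
    denials = Counter()
    dns_denials = Counter()
    limits = set()
    for line in log_text.splitlines():
        m = HOST_LIMIT_RE.search(line)
        if m is None:
            continue  # other syslog IDs are not license drops
        limits.add(int(m["limit"]))
        denials[m["src_ip"]] += 1
        # IP protocol 17 is UDP and 6 is TCP; destination port 53 is DNS.
        if m["proto"] in ("6", "17") and m["dst_port"] == "53":
            dns_denials[m["src_ip"]] += 1
    return {
        "limits": sorted(limits),
        "denied_hosts": sorted(denials),
        "denials": dict(denials),
        "dns_denials": dict(dns_denials),
    }


if __name__ == "__main__":
    report = summarize_host_limit_denials(SAMPLE_LOG)
    print("licensed host limit(s):", report["limits"])
    for host in report["denied_hosts"]:
        print(host, "denied:", report["denials"][host],
              "of which DNS:", report["dns_denials"].get(host, 0))
```

Hosts that appear here while other inside hosts resolve DNS normally match the intermittent, per-PC symptom described in the first post.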
09-03-2012 09:59 PM
Thank you very much MVsheik and Ramraj. Could you please tell me how many users the below mentioned licenses will support?
Regards
Shanil
09-03-2012 10:10 PM
ASA5505-50-BUN-K9 license = 50 Users
ASA5505-UL-BUN-K9 license = Unlimited Users
ASA5505-SEC-BUN-K9 license = Unlimited Users
09-04-2012 01:47 AM
Thank you Ramraj. I will get back if I require any more help.
Regards
Shanil