cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
483
Views
0
Helpful
4
Replies

no internet on asa 5510

maheshwar2012
Level 1
Level 1

hey guys im not able to get internet access on through my asa firewall

please look at the configs for my asa below

ciscoasa# sho run

: Saved

:

ASA Version 8.4(2)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface GigabitEthernet0

nameif outside

security-level 0

ip address 192.168.137.2 255.255.255.0

!

interface GigabitEthernet1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface GigabitEthernet2

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet3

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet4

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet5

shutdown

no nameif

no security-level

no ip address

!

ftp mode passive

object-group network lan

network-object 192.168.1.0 255.255.255.0

pager lines 24

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

nat (inside,outside) source dynamic lan interface

route outside 0.0.0.0 0.0.0.0 192.168.137.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

!

prompt hostname context

no call-home reporting anonymous

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

crashinfo save disable

Cryptochecksum:68088fae8935de1a1816b463ed433029

: end

thanks

Mahesh

4 Replies 4

Julio Carvajal
VIP Alumni
VIP Alumni

Hello Mahesh,

From the firewall can you ping 4.2.2.2

From the firewall can you ping 192.168.137.1

Add the following command

fixup protocol icmp

and later from an internal PC ping 192.168.137.1

Let me know how it goes

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

vishaw jasrotia
Level 1
Level 1

Hello

You need to allow access from your outside interface to inside .

access-list 100 permit IP any  any

access-group 100 in interface outside.

Thanks

Hello

As an add-on , packet lookup in ASA is shown below:

Do not configure a permit IP any any on your outside interface, that is a major security risk.

I would suggest editing your NAT statement:

no nat (inside,outside) source dynamic lan interface

object network lan

subnet 192.168.1.0 255.255.255.0

nat (inside,outside) dynamic interface

--
Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts
Review Cisco Networking for a $25 gift card