Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
396
Views
0
Helpful
3
Replies

Single Network to Internet Configuration Check Please

Go to solution
patrick.hurley
Level 3
Level 3

‎05-28-2013 05:06 PM - edited ‎03-11-2019 06:50 PM

Can someone please look at this configuration and check to see why it might not let me get from inside out please?                  

Labels:
15360996-putty05282013asa.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kenrandrews
Level 1
Level 1
In response to patrick.hurley

‎05-29-2013 10:22 AM

I looked at the config and it looks good, default route and NAT are what I would expect to cause you issues based on the issue you are having. Are you pinging from the outside interface? My guess is that if you try to ping from the inside it would fail, ping inside 99.179.xxx.xxx. This is likely because you are not inspecting icmp traffic.

policy-map global_policy

class inspection_default

  inspect icmp

Did you try to get to anything using a web browser as http is inspected by default. If none of this check the logs

logging buffer-size 4000

logging buffered informational

Try to ping then "show log"

Hope that helps.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
mvsheik123
Level 7
Level 7

‎05-28-2013 05:35 PM

Hi Patrick,

How your pc/Internal machines getting IP? If you are not using static IP with ASA Vlan1 interface IP as gateway, you need to configure DHCP on ASA. Check the link below.

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/basic_dhcp.html

hth

MS

0 Helpful

Go to solution
patrick.hurley
Level 3
Level 3
In response to mvsheik123

‎05-28-2013 07:48 PM

I have a DHCP server.  Is the ASA configuration correct if all else is set up properly on the inside?  I am having an issue where the ASA can ping the uverse router next hop but nothing inside can ping through the FW even though packet tracer shows it passing all steps.  I want to confirm that the configuration is good before moving on to troubleshoot other things.

0 Helpful

Go to solution
kenrandrews
Level 1
Level 1
In response to patrick.hurley

‎05-29-2013 10:22 AM

I looked at the config and it looks good, default route and NAT are what I would expect to cause you issues based on the issue you are having. Are you pinging from the outside interface? My guess is that if you try to ping from the inside it would fail, ping inside 99.179.xxx.xxx. This is likely because you are not inspecting icmp traffic.

policy-map global_policy

class inspection_default

  inspect icmp

Did you try to get to anything using a web browser as http is inspected by default. If none of this check the logs

logging buffer-size 4000

logging buffered informational

Try to ping then "show log"

Hope that helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card