[SOLVED] ASA 5505 - Inside hosts; no internet

Rick Rosenblum · ‎04-30-2016

I put in a couple hours with TAC last night, but the problem persists. Inside hosts have no internet; can't ping 8.8.8.8. If I ping the inside host from the ASA, this seems to activate the IP, and allows me to ping out to Google. But it doesn't last, and I have been doing this periodically to keep connectivity alive to the hosts. Has anyone run into this issue before? Couple things to note: the config hasn't changed, inside hosts can ping inside interface, pinging Google from ASA is successful.

*Edit: Another vendor installed an IP camera system, and they used the gateway's IP address for their management port.

Kanwaljeet Singh · ‎05-01-2016

Hi Rick,

If you run packet tracer, what do you get? What did you see in logs during the problem? Is inside subnet directly connected to inside interface or they are behind another device?

Do you see the entries in ARP table?

What do you see in "show asp drop"? Did you do any packet captures during the problem? Do you see packet getting dropped at inside interface?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

pradypan · ‎05-01-2016

Hi Rick,

Are you doing PAT/NAT for the inside hosts and is that properly configured. Have you checked if the access rules on outside interface are configured properly to allow the traffic incase you are trying to check the reach-ability via ICMP.

Please check the order of NAT statement and see if you are hitting the proper NAT rule.

Regards

Pradyumna