Unable to access internet through Internal Interface

jniravel
Level 1

Problem: None of my machines on the INSIDE interface are able to access the internet. I am not able to ping 8.8.8.8 from the INSIDE interface. What am I missing?


ciscoasa# show running-config
: Saved
ASA Version 9.18(1)
!
service-module 0 keepalive-timeout 4
service-module 0 keepalive-counter 6
!
license smart
feature tier standard
throughput level 2G
names
name 129.6.15.28 time-a.nist.gov
name 129.6.15.29 time-b.nist.gov
name 129.6.15.30 time-c.nist.gov
no mac-address auto
ip local pool SSL-RAVPN-POOL 192.168.100.2-192.168.100.254 mask 255.255.255.0

!
interface Management0/0
management-only
nameif management
security-level 100
ip address dhcp setroute
!
interface TenGigabitEthernet0/0
nameif OUTSIDE
security-level 0
ip address 10.0.1.220 255.255.255.0
!
interface TenGigabitEthernet0/1
nameif INSIDE
security-level 100
ip address 10.0.2.56 255.255.255.0
!
ftp mode passive
dns domain-lookup management
dns server-group DefaultDNS
name-server 10.0.0.2 management
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
no object-group-search access-control
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object udp
service-object tcp
service-object sctp destination eq http
service-object sctp destination eq https
access-group INSIDE_access_in in interface INSIDE
access-list Split-ACL standard permit 10.0.2.0 255.255.255.0
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list INSIDE_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
pager lines 23
mtu management 1500
mtu OUTSIDE 1500
mtu INSIDE 1500
no failover
no failover wait-disable
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (OUTSIDE,INSIDE) source dynamic any interface
nat (INSIDE,OUTSIDE) source dynamic any interface
route OUTSIDE 0.0.0.0 0.0.0.0 10.0.1.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 0.0.0.0 0.0.0.0 management
http 0.0.0.0 0.0.0.0 OUTSIDE
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
crypto ca trustpoint _SmartCallHome_ServerCA2
no validation-usage
crl configure
crypto ca trustpool policy
auto-import

telnet timeout 5
no ssh stack ciscossh
ssh stricthostkeycheck
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group14-sha256
ssh 0.0.0.0 0.0.0.0 management
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server time-c.nist.gov
ntp server time-b.nist.gov
ntp server time-a.nist.gov
webvpn
enable OUTSIDE
http-headers
hsts-server
enable
max-age 31536000
include-sub-domains
no preload
hsts-client
enable
x-content-type-options
x-xss-protection
content-security-policy
anyconnect image disk0:/anyconnect-win-4.10.05111-webdeploy-k9.pkg 1
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy GroupPolicy_SSL-VPN internal
group-policy GroupPolicy_SSL-VPN attributes
wins-server none
dns-server value 10.0.2.2
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split-ACL
default-domain none
dynamic-access-policy-record DfltAccessPolicy
username admin privilege 15
username admin attributes
service-type admin
ssh authentication publickey 91:de:25:9a:59:29:f9:86:e0:e0:41:cc:89:9e:15:5d:12:91:c7:f4:fa:d3:86:b2:42:14:06:bb:45:86:30:d3 hashed
username cisco password ***** pbkdf2 privilege 15
tunnel-group SSL-VPN type remote-access
tunnel-group SSL-VPN general-attributes
address-pool SSL-RAVPN-POOL
default-group-policy GroupPolicy_SSL-VPN
tunnel-group SSL-VPN webvpn-attributes
group-alias SSL-VPN enable
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect ip-options
inspect netbios
inspect rtsp
inspect sunrpc
inspect tftp
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect esmtp
inspect sqlnet
inspect sip
inspect skinny
inspect icmp
policy-map type inspect dns migrated_dns_map_2
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:8462ce8bb3ee958067959ceb8aa7b0d8
: end
ciscoasa#

Accepted Solutions

Here, try again:

no nat (OUTSIDE,INSIDE) source dynamic any interface
no nat (INSIDE,OUTSIDE) source dynamic any interface
!
object network Local-Network
 subnet 10.0.2.0 255.255.255.0
 nat (inside,outside) dynamic interface

Please do not forget to rate.

Sorry, I replied the same, but in his second post; I didn't see this one until now.