mahesh18
Frequent Contributor

Unable to access internet with ASA

Hi all,

I am new to the ASA world.

I have configured an ASA 5505 and it is connected to a layer 3 switch that connects to the cable modem.

The ASA is configured with the DHCP option and the PC is able to get an IP from the ASA.

But from the PC I am unable to access the internet.

From the ASA itself I am able to ping websites fine.

The ASA is configured with DHCP for inside and it is also doing NAT.

When I connect the ASA directly to the cable modem, the PC is able to access the internet.

Thanks

mahesh

Accepted Solutions
Jennifer Halim
Cisco Employee

Does the PC have a DNS server that resolves public websites?

Are you able to access websites from the PC by IP address?

Can you please share the config? Thanks.


Hi Jennifer.

I tried to open websites by IP; it did not work.

Here is the config of the ASA:

ciscoasa# sh running-config

: Saved

:

ASA Version 8.4(4)1

!

hostname ciscoasa

enable password .vV.3QsyXqiTEfZu encrypted

passwd PnBz02JMnfQN7Ggt encrypted

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

shutdown

!

interface Ethernet0/3

shutdown

!

interface Ethernet0/4

shutdown

!

interface Ethernet0/5

shutdown

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

shutdown

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 192.168.11.5 255.255.255.0

!

banner motd

banner motd +-+

banner motd | |

banner motd | *** Unauthorized Use or Access Prohibited *** |

banner motd | |

banner motd | For Authorized Official Use Only |

banner motd | You must have explicit permission to access or |

banner motd | configure this device. All activities performed |

banner motd | on this device may be logged, and violations of |

banner motd | this policy may result in disciplinary action, and |

banner motd | may be reported to law enforcement authorities. |

banner motd | |

banner motd | There is no right to privacy on this device. |

banner motd | |

banner motd +-+

banner motd

banner motd

banner motd +-+

banner motd | |

banner motd | *** Unauthorized Use or Access Prohibited *** |

banner motd | |

banner motd | For Authorized Official Use Only |

banner motd | You must have explicit permission to access or |

banner motd | configure this device. All activities performed |

banner motd | on this device may be logged, and violations of |

banner motd | this policy may result in disciplinary action, and |

banner motd | may be reported to law enforcement authorities. |

banner motd | |

banner motd | There is no right to privacy on this device. |

banner motd | |

banner motd +-+

banner motd

boot system disk0:/asa844-1-k8.bin

ftp mode passive

clock timezone MST -7

clock summer-time MST recurring

object network obj-192.168.1.0

subnet 192.168.1.0 255.255.255.0

no pager

logging enable

logging timestamp

logging buffered debugging

logging asdm informational

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-649.bin

no asdm history enable

arp timeout 14400

!

object network obj-192.168.1.0

nat (inside,outside) dynamic interface

route outside 0.0.0.0 0.0.0.0 192.168.11.1 1

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

no crypto isakmp nat-traversal

telnet timeout 5

ssh 192.168.1.0 255.255.255.0 inside

ssh 192.168.0.0 255.255.0.0 outside

ssh timeout 5

ssh key-exchange group dh-group1-sha1

console timeout 15

dhcpd address 192.168.1.5-192.168.1.250 inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ntp server 91.103.24.10

webvpn

username mintoo password AILiHuRWFGgkbsI5 encrypted privilege 15

!

!

prompt hostname context

call-home reporting anonymous prompt 2

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:4a1203c1c8d7b2dd85cdcfe379f7418a

: end

Hi Jennifer,

I added the command dhcpd dns x.x.x.x

Now the PC is able to access the internet.

Thanks

mahesh

Excellent. Thanks for the update.
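The fix reported in this thread was adding a `dhcpd dns` line. As an added example (not from the thread or from Cisco), this Python check scans a saved running-config for DHCP scopes that hand out addresses but no DNS server. The sample config lines and the resolver address 192.0.2.53 are constructed, and treating `dhcpd auto_config` as a source of DNS settings is an assumption of the example.

```python
# Constructed sample: the DHCP-related lines from the config posted above.
SAMPLE_BEFORE = """\
interface Vlan1
 nameif inside
dhcpd address 192.168.1.5-192.168.1.250 inside
dhcpd enable inside
"""
# Same lines after the fix; 192.0.2.53 is a placeholder resolver address.
SAMPLE_AFTER = SAMPLE_BEFORE + "dhcpd dns 192.0.2.53\n"


def _scope(words):
    """Interface named by a trailing 'interface <name>' clause, or None if global."""
    if "interface" in words[2:]:
        i = words.index("interface", 2)
        if i + 1 < len(words):
            return words[i + 1]
    return None


def dhcp_scopes_without_dns(config):
    """Return interfaces with 'dhcpd enable' whose clients are handed no DNS server."""
    enabled, covered = set(), set()
    global_cover = False
    for line in config.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "dhcpd":
            continue
        if words[1] == "enable":
            enabled.add(words[2])
        elif words[1] in ("dns", "auto_config"):
            # Assumption: either command gives clients a resolver, globally
            # or only for the interface named in its 'interface' clause.
            scope = _scope(words)
            if scope is None:
                global_cover = True
            else:
                covered.add(scope)
    if global_cover:
        return []
    return sorted(enabled - covered)


if __name__ == "__main__":
    print("before fix:", dhcp_scopes_without_dns(SAMPLE_BEFORE))
    print("after fix: ", dhcp_scopes_without_dns(SAMPLE_AFTER))
```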
