09-28-2012 05:36 PM - edited 03-11-2019 05:01 PM
Hi all,
I am new to the ASA world.
I have configured an ASA 5505 and it is connected to a layer 3 switch that connects to a cable modem.
The ASA is configured with the DHCP option and the PC is able to get an IP from the ASA.
But from the PC I am unable to access the internet.
From the ASA itself I am able to ping the websites fine.
The ASA is configured with DHCP for inside and it is also doing NAT.
When I connect the ASA directly to the cable modem, the PC is able to access the internet.
thanks
mahesh
09-28-2012 06:15 PM
Does the PC have a DNS server that resolves public websites?
Are you able to access websites from the PC by IP address?
Can you please share the config? Thanks.
09-28-2012 06:33 PM
Hi Jennifer,
I tried to open websites by IP; it did not work.
Here is the config of the ASA:
ciscoasa# sh running-config
: Saved
:
ASA Version 8.4(4)1
!
hostname ciscoasa
enable password .vV.3QsyXqiTEfZu encrypted
passwd PnBz02JMnfQN7Ggt encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.11.5 255.255.255.0
!
banner motd
banner motd +-+
banner motd | |
banner motd | *** Unauthorized Use or Access Prohibited *** |
banner motd | |
banner motd | For Authorized Official Use Only |
banner motd | You must have explicit permission to access or |
banner motd | configure this device. All activities performed |
banner motd | on this device may be logged, and violations of |
banner motd | this policy may result in disciplinary action, and |
banner motd | may be reported to law enforcement authorities. |
banner motd | |
banner motd | There is no right to privacy on this device. |
banner motd | |
banner motd +-+
banner motd
banner motd
banner motd +-+
banner motd | |
banner motd | *** Unauthorized Use or Access Prohibited *** |
banner motd | |
banner motd | For Authorized Official Use Only |
banner motd | You must have explicit permission to access or |
banner motd | configure this device. All activities performed |
banner motd | on this device may be logged, and violations of |
banner motd | this policy may result in disciplinary action, and |
banner motd | may be reported to law enforcement authorities. |
banner motd | |
banner motd | There is no right to privacy on this device. |
banner motd | |
banner motd +-+
banner motd
boot system disk0:/asa844-1-k8.bin
ftp mode passive
clock timezone MST -7
clock summer-time MST recurring
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
no pager
logging enable
logging timestamp
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
!
object network obj-192.168.1.0
 nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 192.168.11.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.0.0 255.255.0.0 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 15
dhcpd address 192.168.1.5-192.168.1.250 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 91.103.24.10
webvpn
username mintoo password AILiHuRWFGgkbsI5 encrypted privilege 15
!
!
prompt hostname context
call-home reporting anonymous prompt 2
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4a1203c1c8d7b2dd85cdcfe379f7418a
: end
09-28-2012 07:43 PM
Hi Jennifer,
I added the command dhcpd dns x.x.x.x
Now the PC is able to access the internet.
Thanks
mahesh
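A check for the gap this thread resolved, as an added example that is not part of the original posts: the Python sketch below scans an ASA running-config for interfaces where dhcpd is enabled but no dhcpd dns (or dhcpd auto_config) line hands resolvers to clients. The sample lines are copied from the configuration posted above; the function name is hypothetical, and treating auto_config as a DNS source assumes the named interface itself learns DNS through DHCP.

```python
# Added example, not from the thread: flag ASA DHCP scopes that hand out
# addresses without any DNS server, the condition fixed by "dhcpd dns x.x.x.x".

# Sample input: the DHCP-related lines of the configuration posted above.
POSTED = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
dhcpd address 192.168.1.5-192.168.1.250 inside
dhcpd enable inside
"""


def dhcp_scopes_without_dns(config: str) -> list[str]:
    """Return interfaces with dhcpd enabled but no DNS option configured."""
    enabled = set()        # interfaces named in "dhcpd enable <if>"
    per_if_dns = set()     # interfaces named in "... interface <if>"
    global_dns = False     # a dns/auto_config line without "interface"
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) < 3 or tok[0] != "dhcpd":
            continue
        if tok[1] == "enable":
            enabled.add(tok[2])
        elif tok[1] in ("dns", "auto_config"):
            # Syntax: dhcpd dns <ip> [<ip>] [interface <if>]
            # Assumption: auto_config counts as a DNS source, which only
            # holds when the interface it names is itself a DHCP client.
            if "interface" in tok[:-1]:
                per_if_dns.add(tok[tok.index("interface") + 1])
            else:
                global_dns = True
    if global_dns:
        return []
    return sorted(enabled - per_if_dns)


if __name__ == "__main__":
    for ifname in dhcp_scopes_without_dns(POSTED):
        print(f"{ifname}: dhcpd enabled, no DNS server offered to clients")
```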
09-28-2012 08:03 PM
Excellent. Thanks for the update.