05-06-2010 03:06 PM - edited 03-04-2019 08:24 AM
05-06-2010 03:34 PM
stephilewis wrote:
No I cannot access http, when i create a route "route BeneNetwork 10.10.220.0 255.255.255.0 172.16.20.100" i get connected route exist.
the default route on my client is 10.10.220.100 which is the ip for the vlan benenetwork.
Ahh, i thought you were connecting from the inside interface but it looks like you are coming from the BeneNetwork. Add this to your config -
nat (BeneNetwork) 1 0.0.0.0 0.0.0.0
Jon
05-06-2010 03:11 PM
stephilewis wrote:
I configured our ASA 5505 with two VLAN's one is for our wireless network and one is for our internal network. This issue I am having is I cannot access the internet from our internal network. I can ping from the ASA to the internet and to the internal network but not the other way around. Do I need to setup an access list for this?
Stephen
When you say you can't access the internet is that with ping ? If so ping is slightly different than for example accessing a web site. Have you tried accessing a web site from an inside client.
If you do want to test ping then there are a couple of things you can do but you do need to modify your config -
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml
Jon
05-06-2010 03:19 PM
neither, I can ping the internal network vlan address, but not the inside address or any address after this up to and including the outside interface. I can ping anywhere from the console.
05-06-2010 03:24 PM
stephilewis wrote:
neither, I can ping the internal network vlan address, but not the inside address or any address after this up to and including the outside interface. I can ping anywhere from the console.
Sorry Stephen, could you clarify. You have or haven't tried to use http ?
You can ping the internal vlan address but not the inside address. Does this mean your default-gateway on the client is not the ASA ? If it isn't then you need to -
1) add a route, probably a default-route on this device pointing to the ASA inside IP
2) add a route on the ASA for the subnet your client is on so the ASA knows how to route back to your client
Jon
05-06-2010 03:30 PM
No I cannot access http, when i create a route "route BeneNetwork 10.10.220.0 255.255.255.0 172.16.20.100" i get connected route exist.
the default route on my client is 10.10.220.100 which is the ip for the vlan benenetwork.
05-06-2010 03:34 PM
stephilewis wrote:
No I cannot access http, when i create a route "route BeneNetwork 10.10.220.0 255.255.255.0 172.16.20.100" i get connected route exist.
the default route on my client is 10.10.220.100 which is the ip for the vlan benenetwork.
Ahh, i thought you were connecting from the inside interface but it looks like you are coming from the BeneNetwork. Add this to your config -
nat (BeneNetwork) 1 0.0.0.0 0.0.0.0
Jon
05-06-2010 03:41 PM
Excellent this worked for http, the next step will be for me to allow access from WLAN to BeneNetwork. I will try to figure this out, but may be back to search out a way.
Thanks Jon!!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide