05-05-2019 11:11 AM
Good Day,
I am unable to access the Internet from a PC directly connected to my ASA, I think it has to do with routing as when I run the following packet-tracer command the nat rules increment.
packet-tracer input inside tcp 192.168.168.70 12345 8.8.8.8 80
It's a very basic configuration (attached) and I have been banging my head on this for hours.
Any help would be appreciated.
Thanks
Solved! Go to Solution.
05-11-2019 04:44 AM
The config looks fine, I do want to ascertain that this is not an ICMP issue.
Could you post a trace route to that address, you could also try and telnet to a web server, which would confirm the above.
Martin
05-05-2019 01:03 PM
Hello,
change:
nat (any, outside) dynamic interface
to
nat (inside,outside) dynamic interface
05-06-2019 12:32 AM
hi,
before making any changes, can your ASA ping to ISP hop .5 (try to mask sensitive info/real IP).
did you manually configure a DNS server on your PC?
05-07-2019 10:09 AM
The ASA outside interface is able to ping the next hop and the Internet however I cannot ping either the .5 address or the Internet not from the inside interface. I have been trying to ping 8.8.8.8 which doesn't rely on dns
05-07-2019 03:13 PM
Hello,
your PING source, 192.168.168.70, does not seem to be the IP address of the inside interface. Is that the address of a PC on your LAN ?
Add the line in bold to your default class:
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
05-08-2019 10:52 AM
I all, I have unfortunately lost the remote access I had set up and don't want anyone to think I am ignoring this issue -- which is -personally very critical. I hope to get to the DC tomorrow but will have access back by Saturday the latest.
Thank you all in advance, any advice and guidance is greatly appreciated.
05-10-2019 10:09 AM
The 192.168.168.70 address is a laptop I have configured for testing however I am still unable to ping the Internet directly from the inside interface “inspect icmp” is already present in the configuration.
ping inside 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
Thanks
David S. Goldstein
05-11-2019 04:44 AM
The config looks fine, I do want to ascertain that this is not an ICMP issue.
Could you post a trace route to that address, you could also try and telnet to a web server, which would confirm the above.
Martin
05-28-2019 02:31 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide