10-05-2015 05:05 PM - edited 03-05-2019 02:27 AM
I am configuring a Cisco core switch and Cisco ASA firewall from scratch. The firewall WAN and LAN interfaces are both up and I can get internet on the firewall and ping both outside and inside. The firewall LAN interface is directly connected to the core switch. I cannot seem to get internet on the core switch. I have added static routes on both ends but it's still not working. Can someone please assist me urgently? I have attached the configs of both the switch and the firewall.
Just to add on to that: before the firewall, I had installed a Cisco router directly connected to the core switch, and internet worked fine on the core switch and all the VLANs. I am not sure what I am missing on the FW configs.
10-05-2015 06:26 PM
Hi Navindar,
Couple of things...
1. ACL on ASA:
access-list inside_access_in extended permit ip host 10.0.0.0 any
host 10.0.0.0 says single host. Change it to...
access-list inside_access_in extended permit ip 10.0.0.0 255.0.0.0 any
2. NAT statement for Internal networks...
object network Inside_Net
subnet 10.0.0.0 255.0.0.0
nat (inside,outside) dynamic interface
hth
MS
10-05-2015 07:31 PM
Hello MS, thanks a lot for the quick response. I have made the changes that you had suggested and still there is no internet on the core switch. Is there anything else that I am missing?
object network Inside_Net
subnet 10.0.0.0 255.0.0.0
access-list inside_access_in extended permit ip 10.0.0.0 255.0.0.0 any
object network Inside_Net
nat (inside,outside) dynamic interface
10-05-2015 08:11 PM
Guys, can anyone assist me, as this is quite urgent? I have to do some testing on the client site tomorrow and I need this to be up.
10-06-2015 08:50 AM
Hi Navindar,
You still have trouble? You are testing internet by ping or browsing?
Pls post updated ASA configs.
Thx
MS
10-06-2015 11:39 AM
10-06-2015 11:56 AM
ACL is not applied to interface, so not blocking anything.
1. Looks like you are using public DNS, so point DNS server lookup to outside.
2. In the default inspection options add 'inspect icmp'.
3. If your ASA is connected to a cable provider router, reboot the same.
4. Make sure your test PC settings are correct.
5. If you are trying to test ping from the switch, make sure the source packets are originating from a 10.x.x.x VLAN (use extended ping).
Thx
MS
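The two ACL points raised in the replies above (an ACE written as `host 10.0.0.0` matches a single address, and an ACL does nothing until it is applied to an interface) can be checked mechanically. The following is an added example, not part of the original thread: the sample configuration is constructed (it is not the poster's attachment), and `audit`, `source_network` and `matches` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample config (assumption, not the poster's attachment): one ACE
# uses "host" with a network address, and inside_access_in is never applied.
SAMPLE_CONFIG = """\
access-list inside_access_in extended permit ip host 10.0.0.0 any
access-list inside_access_in extended permit ip 10.0.0.0 255.0.0.0 any
access-list mgmt_in extended permit tcp host 10.0.5.20 any eq 22
access-group mgmt_in in interface management
"""

ACE_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(?:permit|deny)\s+\S+\s+(.*)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(?:in|out)\s+interface\s+\S+")

def source_network(rest):
    """Return an ACE's source as an ip_network, or None for 'any' and objects."""
    tok = rest.split()
    try:
        if tok[0] == "host":
            return ipaddress.ip_network(tok[1] + "/32")
        return ipaddress.ip_network(f"{tok[0]}/{tok[1]}")  # address + netmask
    except (ValueError, IndexError):
        return None

def audit(config):
    """Return (aces, findings): parsed (acl_name, source) pairs and warnings."""
    aces, bound, findings = [], set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := GROUP_RE.match(line):
            bound.add(m.group(1))
        elif m := ACE_RE.match(line):
            name, rest = m.groups()
            net = source_network(rest)
            aces.append((name, net))
            # A /32 whose last octet is 0 is usually a subnet typed as a host.
            if net and net.prefixlen == 32 and net.network_address.packed[-1] == 0:
                findings.append(f"{name}: 'host {net.network_address}' matches one address only")
    for name in sorted({n for n, _ in aces} - bound):
        findings.append(f"{name}: defined but not applied with access-group")
    return aces, findings

def matches(net, addr):
    """True if addr falls inside the ACE's source network."""
    return net is not None and ipaddress.ip_address(addr) in net

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[1]:
        print(finding)
```
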
10-07-2015 01:23 PM
Thanks a lot for your assistance Sheik, much appreciated.