cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2477
Views
5
Helpful
2
Replies

Routing to external network on ASA 5505 not working

matthunt2063
Level 1
Level 1

I'm trying to get my clients connected to inside to route to the internet.  My current set up is:

inside: 192.168.10/24

outside 192.168.1.10

DSL: 192.168.1.254

Outside is connected to my DSL router. DHCPD is set up on inside, outside is static. When I connect via my 1242AG on my phone, it tells me "internet may not be available".  I also tried via a laptop direct on the ASA. It was showing the gateway as 192.168.10.1, so I set dhcpd option 3 to 192.168.1.254. I have set  route outside 0.0.0.0 0.0.0.0 192.168.1.254 and show route gives:

Gateway of last resort is 192.168.1.254 to network 0.0.0.0

C    192.168.10.0 255.255.255.0 is directly connected, inside
C    192.168.1.0 255.255.255.0 is directly connected, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 192.168.1.254, outside

I can ping 8.8.8.8 from the ASA CLI. I also tried setting option 3 as 192.168.10.1, that also didn't work. I also tried 192.168.1.10, same issue. It is showing the gateway change on ipconfig, but it doesn't seem to want to properly route between the two zones.

Trying to add  route inside 192.168.10.0 255.255.255.0 192.168.1.254 or route inside 192.168.10.0 255.255.255.0 192.168.1.10 says "ERROR: Cannot add route, connected route exists" so I'm not sure what is wrong here. 

The DSL's gateway is 107.203.56.1, and it's IP is 107.203.56.23.  But since I can ping externals from the ASA CLI, I don't think this information needs to be set anywhere.

1 Accepted Solution

Accepted Solutions

Hi matthunt2063,

You need to configure PAT for your LAN subnet. Try the following config:-

object network LAN

subnet 192.168.10.0 255.255.255.0

nat (inside,outside) dynamic interface.

Please rate if this is helpful.

Spooster IT Services Team

View solution in original post

2 Replies 2

Hi matthunt2063,

You need to configure PAT for your LAN subnet. Try the following config:-

object network LAN

subnet 192.168.10.0 255.255.255.0

nat (inside,outside) dynamic interface.

Please rate if this is helpful.

Spooster IT Services Team

I did that, and I also realize after looking over my config I had both zones set to security of 0. So I set the inside back to 100.  Not sure which did the trick, but I'm marking you a 5 & "correct answer"!

Review Cisco Networking for a $25 gift card