- Cisco Community
- Technology and Support
- Security
- Security Knowledge Base
- Not able to access Internet through asa 5505 firewall
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
05-07-2013 03:19 AM - edited 03-08-2019 06:49 PM
Hi,
I have Cisco Firewall ASA 5505 it is all ready configured and work fine but befor 2 weeks i have a problem,
i can't access Internet i don't no why please any one can help me
Firewall configuration :
ASA Version 7.2(4)
!
hostname woodrocasa
domain-name woodroc.local
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
no forward interface Vlan2
nameif inside
security-level 100
ip address 192.168.5.254 255.255.255.0
ospf cost 10
!
interface Vlan2
nameif outside
security-level 0
ip address 212.11.160.20 255.255.255.240
ospf cost 10
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
domain-name woodroc.local
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
access-list outside_access_in remark Allow FTP for all.
access-list outside_access_in extended permit ip any host 212.11.160.18
access-list outside_access_in extended permit ip any host 192.168.5.21
access-list outside_access_in remark Remote Access from Outside.
access-list outside_access_in extended permit tcp any host 212.11.160.30 eq 3389
access-list outside_access_in remark SMTP
access-list outside_access_in extended permit tcp any host 192.168.5.21 eq smtp
access-list outside_access_in remark SMTPs
access-list outside_access_in extended permit tcp any host 192.168.5.21 eq 465
access-list outside_access_in remark POP3
access-list outside_access_in extended permit tcp any host 192.168.5.21 eq pop3
access-list outside_access_in remark POP3s
access-list outside_access_in extended permit tcp any host 192.168.5.21 eq 995
access-list outside_access_in remark Allow Access to OWA
access-list outside_access_in extended permit tcp any host 192.168.5.21 eq www
access-list outside_access_in remark Allow Secure Access to OWA
access-list outside_access_in extended permit tcp any host 192.168.5.21 eq https
access-list outside_access_in remark IMAP
access-list outside_access_in extended permit tcp any host 192.168.5.21 eq imap4
access-list outside_access_in remark IMAPs
access-list outside_access_in extended permit tcp any host 192.168.5.21 eq 993
access-list outside_access_in remark Allow Access to Web Server
access-list outside_access_in extended permit tcp any host 192.168.5.22 eq www
access-list outside_access_in remark Allow Secure Access to Web Server
access-list outside_access_in extended permit tcp any host 192.168.5.22 eq https
access-list outside_access_in extended permit tcp any host 192.168.5.22 eq 801
access-list outside_access_in extended permit ip any host 212.11.160.19
access-list outside_access_in extended permit ip any host 212.11.160.26
access-list outside_access_in extended permit tcp any host 192.168.10.96 eq 8001
access-list outside_access_in extended permit tcp any host 192.168.10.97 eq 8002
access-list outside_access_in extended permit tcp any host 192.168.10.98 eq 8003
access-list outside_access_in extended permit tcp any host 192.168.10.116 eq 8004
access-list outside_access_in extended permit tcp any host 192.168.10.91 eq 8005
access-list outside_access_in extended permit tcp any host 192.168.10.106 eq 8006
access-list outside_access_in extended permit tcp any host 192.168.10.95 eq 8007
access-list outside_access_in extended permit tcp any host 192.168.10.112 eq 8008
access-list outside_access_in extended permit tcp any host 192.168.10.99 eq 8009
access-list outside_access_in extended permit tcp any host 192.168.10.87 eq 8010
access-list outside_access_in extended permit tcp any host 192.168.10.80 eq 8011
access-list outside_access_in extended permit tcp any host 192.168.10.90 eq 8012
access-list outside_access_in extended permit tcp any host 192.168.10.108 eq 8013
access-list outside_access_in extended permit tcp any host 192.168.10.49 eq 8014
access-list outside_access_in extended permit tcp any host 192.168.10.100 eq 8015
access-list outside_access_in extended permit tcp any host 192.168.10.110 eq 8016
access-list outside_access_in extended permit tcp any host 192.168.10.83 eq 8017
access-list outside_access_in extended permit tcp any host 192.168.10.88 eq 8018
access-list outside_access_in extended permit tcp any host 192.168.10.82 eq 8019
access-list outside_access_in extended permit tcp any host 192.168.10.112 eq 8020
access-list outside_access_in extended permit tcp any host 192.168.10.109 eq 8021
access-list outside_access_in extended permit tcp any host 192.168.10.101 eq 8022
access-list outside_access_in extended permit tcp any host 192.168.10.89 eq 8023
access-list outside_access_in extended permit tcp any host 192.168.10.104 eq 8024
access-list outside_access_in extended permit tcp any host 192.168.10.86 eq 8025
access-list outside_access_in extended permit tcp any host 192.168.10.111 eq 8026
access-list outside_access_in extended permit icmp any any
access-list inside_nat0_outbound extended permit ip any 192.168.10.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip any 212.11.160.28 255.255.255.254
access-list inside_nat0_outbound extended permit ip any 212.11.160.24 255.255.255.248
access-list outside-2_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
logging from-address asa_fw@woodroc.com
logging recipient-address s.ramadan@woodroc.com level alerts
logging ftp-bufferwrap
logging ftp-server 192.168.5.21 asa_logs administrator ****
mtu inside 1500
mtu outside 1500
ip local pool WR 212.11.160.27-212.11.160.28 mask 255.255.255.240
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (inside) 1 192.168.10.96-192.168.10.97 netmask 255.255.255.0
global (outside) 1 interface
global (outside) 2 212.11.160.24 netmask 255.255.255.240
global (outside) 4 192.168.6.14 netmask 255.255.255.0
global (outside) 5 212.11.160.26 netmask 255.255.255.0
global (outside) 3 212.11.160.23 netmask 255.255.255.240
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 192.168.5.0 255.255.255.0 dns
static (inside,outside) tcp 212.11.160.26 8001 192.168.10.96 8001 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8002 192.168.10.97 8002 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8003 192.168.10.98 8003 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8004 192.168.10.116 8004 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8005 192.168.10.91 8005 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8006 192.168.10.106 8006 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8007 192.168.10.95 8007 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8008 192.168.10.112 8008 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8009 192.168.10.99 8009 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8010 192.168.10.87 8010 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8011 192.168.10.80 8011 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8012 192.168.10.90 8012 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8013 192.168.10.108 8013 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8014 192.168.10.49 8014 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8015 192.168.10.100 8015 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8016 192.168.10.110 8016 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8017 192.168.10.83 8017 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8018 192.168.10.88 8018 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8019 192.168.10.82 8019 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8020 192.168.10.117 8020 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8021 192.168.10.109 8021 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8022 192.168.10.101 8022 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8023 192.168.10.89 8023 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8024 192.168.10.104 8024 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8025 192.168.10.86 8025 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.26 8026 192.168.10.111 8026 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.19 www 192.168.5.22 www netmask 255.255.255.255 dns
static (inside,outside) tcp 212.11.160.19 3389 192.168.5.22 3389 netmask 255.255.255.255
static (inside,outside) tcp 212.11.160.19 ftp 192.168.5.22 ftp netmask 255.255.255.255 dns
static (inside,outside) 212.11.160.18 192.168.5.21 netmask 255.255.255.255
static (inside,outside) 212.11.160.30 192.168.5.24 netmask 255.255.255.255
static (inside,outside) 212.11.160.21 192.168.10.145 netmask 255.255.255.255
static (inside,outside) 212.11.160.23 192.168.10.148 netmask 255.255.255.255
static (inside,outside) 212.11.160.22 192.168.10.170 netmask 255.255.255.255
static (inside,outside) 212.11.160.29 192.168.10.161 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route inside 192.168.10.0 255.255.255.0 192.168.5.1 1
route outside 0.0.0.0 0.0.0.0 212.11.160.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.10.143 255.255.255.255 inside
http 192.168.5.24 255.255.255.255 inside
http 192.168.10.55 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
http 212.11.191.0 255.255.255.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 60 set pfs group5
crypto dynamic-map outside_dyn_map 60 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 80 set pfs group1
crypto dynamic-map outside_dyn_map 80 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 100 set pfs group1
crypto dynamic-map outside_dyn_map 100 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 120 set pfs group1
crypto dynamic-map outside_dyn_map 120 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 140 set pfs group1
crypto dynamic-map outside_dyn_map 140 set transform-set ESP-3DES-SHA
crypto dynamic-map inside_dyn_map 20 set pfs group1
crypto dynamic-map inside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 5
lifetime 86400
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
client-update enable
telnet 192.168.5.24 255.255.255.255 inside
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.10.55 255.255.255.255 inside
telnet 192.168.10.143 255.255.255.255 inside
telnet 0.0.0.0 0.0.0.0 outside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcp-client broadcast-flag
dhcpd auto_config outside
!
vpnclient server 192.168.10.143
vpnclient mode client-mode
vpnclient vpngroup woodroc password ********
group-policy DfltGrpPolicy_1 internal
group-policy DfltGrpPolicy_1 attributes
dns-server value 192.168.5.20 192.168.5.21
vpn-tunnel-protocol l2tp-ipsec
group-policy woodroc internal
group-policy woodroc attributes
dns-server value 192.168.5.20 192.168.5.28
vpn-tunnel-protocol l2tp-ipsec
default-domain value woodroc.local
username saleh-ramadan password 05FiDMwloggBHwl9ZIkEUw== nt-encrypted privilege 0
username saleh-ramadan attributes
vpn-group-policy Woodroc
tunnel-group DefaultRAGroup general-attributes
address-pool WR
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
!
!
prompt hostname context
Cryptochecksum:28ceb2736bf4526bd1f5697b7e201c7c
: end
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello,
Please post any issues as 'discussion'. Can you try by removing 'no forward interface Vlan2' command from int Vla1?
interface Vlan1
no forward interface Vlan2
nameif inside
security-level 100
ip address 192.168.5.254 255.255.255.0
ospf cost 10
Thx
MS
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello
,I try removing but still same problem, I think reset firewall to
factory default and configure again.
Thx
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: