Internal interface cannot access internet

Navindar Singh
Level 1

I have configured a Cisco ASA 5505 to dial up, and internet works fine on the FW. I have also created a VPN pool and can connect to the FW via the Cisco AnyConnect client. The only problem I have is that the inside interface cannot access the internet, and I cannot ping the inside interface after I get connected to the AnyConnect client. Attached is the current config. I suspect it's a natting issue. Can someone please assist?

1 Reply

Navindar Singh
Level 1

interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 switchport access vlan 2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 0
 ip address 10.0.0.4 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group lccvpn
 ip address pppoe
!
ftp mode passive
clock timezone FJST 12
access-list Network-List standard permit 10.0.0.0 255.255.255.0
access-list Network-List1 standard permit 10.0.0.0 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list NAT-EXEMPT extended permit ip 10.0.0.0 255.0.0.0 10.20.12.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging trap informational
logging asdm informational
logging permit-hostdown
mtu inside 1500
mtu outside 1500
ip local pool VPNPool 10.20.12.1-10.20.12.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 210.x.x.x 1
route inside 10.0.0.0 255.0.0.0 10.0.0.4 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.252.0 255.255.255.128 inside
http 10.2.2.0 255.255.255.0 inside
http 10.0.0.0 255.255.255.0 inside
snmp-server host inside 10.0.1.22 community ***** version 2c
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change
snmp-server enable traps remote-access session-threshold-exceeded
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 10.2.2.0 255.255.255.0 inside
ssh 10.0.1.0 255.255.255.0 inside
ssh 10.0.0.0 255.255.255.0 inside
ssh timeout 5
console timeout 5
vpdn group lccvpn request dialout pppoe
vpdn group lccvpn localname navinisp
vpdn group lccvpn ppp authentication pap
vpdn username navinisp password *****
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1 regex "Windows NT"
 svc enable
group-policy SSLVPN internal
group-policy SSLVPN attributes
 banner value This is a private system
 banner value Access to this computer system is limited to authorised users only.
 banner value This authorization must be obtained in writing from the system owner
 banner value Unauthorised users may be subject to prosecution under the Crimes
 banner value Act or State legislation
 banner value
 banner value All accesses to this service are logged
 banner value All information and details on this system are private,
 banner value confidential and must not be disclosed
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Network-List1
 address-pools value VPNPool
group-policy TechM_VPN_SSL internal
group-policy TechM_VPN_SSL attributes
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Network-List1
 address-pools value VPNPool
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol webvpn
group-policy VPN-Client internal
group-policy VPN-Client attributes
 vpn-tunnel-protocol IPSec
 ip-comp enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Network-List1
 user-authentication-idle-timeout 30
 address-pools value VPNPool
 webvpn
tunnel-group Client-VPN type remote-access
tunnel-group Client-VPN general-attributes
 address-pool VPNPool
 default-group-policy VPN-Client
tunnel-group Client-VPN ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:ee68f096fd8002aeb97d69d449fc0dde
: end