We can ping DNS servers and sites on the outside from the inside network, but we cannot get HTTP, HTTPS, RDP, etc. access to the Internet. We tried adding permit commands, but that does not help. Please help.
Here is the show command list:
! Saved running configuration of a Cisco ASA (hostname JASVPN), as pasted into the post.
! Sub-command indentation was lost in the paste; sub-commands appear at column 0.
: Saved
:
! NOTE(review): 8.0(2) is a long-superseded ASA release; check the vendor advisories for this
! train and plan an upgrade before relying on the VPN and management services enabled below.
ASA Version 8.0(2)
!
hostname JASVPN
domain-name JASMfg.Internal
! NOTE(review): the stored enable-password value is published with this post; treat the
! credential as disclosed and change it on the device.
enable password 4hnySGSCciSYd4NZ encrypted
names
! Symbolic name for 74.218.127.165; used below as the default-route next hop and in "global (outside) 1".
name 74.218.127.165 PUBLIC_IP_01 description Internet
! Dynamic DNS update method referenced by both VLAN interfaces ("ddns update JASMFGDNS").
ddns update method JASMFGDNS
ddns both
interval maximum 0 4 0 0
!
!
! Layer-3 VLAN interfaces and the physical switch ports.
! Vlan1 = "inside", most trusted (security-level 100), 192.168.1.1/24.
interface Vlan1
nameif inside
security-level 100
ddns update hostname JASDNS
ddns update JASMFGDNS
dhcp client update dns server both
ip address 192.168.1.1 255.255.255.0
ospf cost 10
!
! Vlan2 = "outside", least trusted (security-level 0), 74.218.127.166/30.
! With no interface ACL bound, traffic from the higher to the lower security level is
! permitted by default and the reverse direction is denied.
interface Vlan2
nameif outside
security-level 0
ddns update JASMFGDNS
dhcp client update dns
ip address 74.218.127.166 255.255.255.252
ospf cost 10
!
! Ethernet0/0 is the only port explicitly placed in VLAN 2 (outside).
interface Ethernet0/0
switchport access vlan 2
!
! Ethernet0/1-0/7 carry no "switchport access vlan" line here; presumably they sit in the
! default VLAN (inside) - confirm with "show switch vlan".
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
! Login password, boot settings, clock, DNS client settings and same-security-traffic rules.
! NOTE(review): the stored login-password value is published with this post; treat it as
! disclosed and change it. This password also guards the Telnet access enabled further down.
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa802-k8.bin
! NOTE(review): "boot config" names a file ending in .bin, which looks like an image name
! rather than a saved configuration - confirm the file exists and is what is intended.
boot config disk0:/asa8-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
! The ASA itself resolves names through the outside interface using the servers below.
dns domain-lookup outside
dns server-group DefaultDNS
name-server 65.24.0.168
! NOTE(review): this second server is 64.24.0.169, while the DHCP scope below hands out
! 65.24.0.169 - one of the two is probably a typo; confirm.
name-server 64.24.0.169
domain-name JASMfg.Internal
! Allow traffic between interfaces of equal security level, and traffic that enters and
! leaves the same interface (hairpinning, e.g. VPN client to VPN client).
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
! Object groups and access lists.
! NOTE(review): AllServiceAllow contains "service-object ip" (and bare icmp/udp/tcp), so it
! matches all IP traffic; every port-specific entry in the group is redundant.
object-group service AllServiceAllow
description AllowEvery
service-object icmp
service-object udp
service-object tcp
service-object tcp-udp eq domain
service-object tcp-udp eq www
service-object tcp-udp eq sip
service-object tcp-udp eq sunrpc
service-object tcp-udp eq tacacs
service-object tcp-udp eq talk
service-object tcp eq ftp
service-object tcp eq pop3
service-object tcp eq smtp
service-object tcp eq telnet
service-object udp eq netbios-dgm
service-object udp eq netbios-ns
service-object udp eq pcanywhere-status
service-object udp eq tftp
service-object ip
service-object tcp-udp eq cifs
service-object tcp-udp eq discard
service-object tcp-udp eq echo
service-object tcp-udp eq kerberos
service-object tcp-udp eq pim-auto-rp
service-object tcp eq ftp-data
service-object tcp eq netbios-ssn
service-object tcp eq pcanywhere-data
! Hosts 192.168.1.101-110; referenced only by the NAT-exemption ACL outside_nat0_outbound.
object-group network JAS_MANUFACTUNING
description VPN CLIENT ACCESS
network-object host 192.168.1.101
network-object host 192.168.1.102
network-object host 192.168.1.103
network-object host 192.168.1.104
network-object host 192.168.1.105
network-object host 192.168.1.106
network-object host 192.168.1.107
network-object host 192.168.1.108
network-object host 192.168.1.109
network-object host 192.168.1.110
! NOTE(review): no "access-group" command appears anywhere in this listing, so
! inside_access_in and outside_access_in do not appear to be bound to any interface and
! would not be filtering traffic - confirm with "show run access-group".
! global_mpc is not referenced by any class-map in this listing (global-class uses "match any").
access-list global_mpc extended permit object-group AllServiceAllow any any log disable
! If bound inbound on inside, this would permit only destinations in 74.218.127.164/30 and
! the implicit deny would drop everything else headed to the Internet.
access-list inside_access_in extended permit object-group AllServiceAllow 192.168.1.0 255.255.255.0 74.218.127.164 255.255.255.252
! NOTE(review): if bound inbound on outside, this would permit any source to reach the whole
! inside /24 on every IP protocol. Do not bind it as written; permit only the specific
! hosts and ports that must be reachable.
access-list outside_access_in extended permit object-group AllServiceAllow any 192.168.1.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip object-group JAS_MANUFACTUNING any
! NOTE(review): a split-tunnel list of "permit any" does not narrow anything; list only the
! internal networks that should be reached through the tunnel.
access-list JASVPN1_splitTunnelAcl standard permit any
! Logging, MTU, VPN address pool, IP audit (basic IPS signatures), ICMP to the box, ASDM.
pager lines 24
! Logging goes to the ASDM buffer only; no syslog server ("logging host") is configured in
! this listing, so events are not kept off-box.
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
! NOTE(review): the next command is split across two lines by the paste; it presumably reads
! "192.168.1.100-192.168.1.110 mask 255.255.255.0".
! NOTE(review): the VPN pool lies inside the inside interface's own subnet (192.168.1.0/24);
! a dedicated, non-overlapping pool subnet is easier to route, exempt from NAT and filter.
ip local pool JAS 192.168.1.100-192.168.1.11
0 mask 255.255.255.0
! NOTE(review): no alarm/drop/reset keyword follows "action" on the next two lines, so
! matching signatures presumably trigger no action at all - confirm against the command
! reference. The signatures listed after them are disabled outright.
ip audit info action
ip audit attack action
ip audit signature 1103 disable
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2002 disable
ip audit signature 2003 disable
ip audit signature 2004 disable
ip audit signature 2005 disable
ip audit signature 2006 disable
ip audit signature 2007 disable
ip audit signature 2008 disable
ip audit signature 2009 disable
ip audit signature 2010 disable
ip audit signature 2151 disable
icmp unreachable rate-limit 1 burst-size 1
! The ASA's own interfaces answer ICMP from any source, including the Internet side.
! NOTE(review): consider restricting "icmp permit ... outside" to the message types and
! sources actually needed.
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
! Address translation, default route and connection timeouts.
! nat-control: traffic from inside to outside must match a NAT rule or it is dropped.
nat-control
! NOTE(review): global pool 1 has no matching "nat (inside) 1" statement in this listing, so
! it appears unused. It also translates to PUBLIC_IP_01 (74.218.127.165), which is the
! default-route next hop below, with an unusual 255.0.0.0 netmask; removing it avoids an
! address conflict with the gateway if it is ever referenced.
global (outside) 1 PUBLIC_IP_01 netmask 255.0.0.0
! Working outbound path: all inside sources (NAT id 101) are PAT'ed to the outside interface address.
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
! NAT exemption for outside-sourced traffic matching outside_nat0_outbound (sources .101-.110).
nat (outside) 0 access-list outside_nat0_outbound outside
route outside 0.0.0.0 0.0.0.0 PUBLIC_IP_01 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:25:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute uauth 0:10:00 inactivity
! NOTE(review): the next command is split across two lines by the paste; it presumably reads
! "dynamic-access-policy-record DfltAccessPolicy".
dynamic-access-policy-reco
rd DfltAccessPolicy
! Administrative authorization, ASDM/HTTPS management and SNMP traps.
! Command authorization uses the local privilege levels defined by the "privilege" lines
! near the end of this configuration.
aaa authorization command LOCAL
aaa authorization exec authentication-server
! The HTTPS server (ASDM) is enabled and reachable from the whole inside /24.
! NOTE(review): consider narrowing this to the administrators' hosts.
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
! IPsec transform sets, dynamic crypto maps and IKE (ISAKMP) policies.
! NOTE(review): several transform sets use single DES and/or MD5 (ESP-DES-*, *-MD5), which
! are obsolete. The JASVPN2 and SYSTEM_DEFAULT_CRYPTO_MAP entries below offer them, so a
! peer can negotiate down to them; restrict those lists to the AES/SHA sets.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
! Transport-mode set, offered in outside_dyn_map entry 20 (typically needed for L2TP over IPsec).
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA TRANS_ESP_3DES_MD5
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map JASVPN2 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
! NOTE(review): a crypto map and IKE are also enabled on the inside interface; unless VPN
! peers really terminate on inside, removing these reduces the exposed surface.
crypto map inside_map0 1 ipsec-isakmp dynamic JASVPN2
crypto map inside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map0 interface inside
crypto isakmp enable inside
crypto isakmp enable outside
! Both IKE policies use pre-shared keys, 3DES and Diffie-Hellman group 2; policy 30 also uses MD5.
! NOTE(review): prefer AES with SHA and a stronger DH group where the software release and
! the clients support it.
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
! NAT traversal is disabled, so IPsec clients that sit behind a NAT device will generally
! fail to pass traffic through the tunnel.
no crypto isakmp nat-traversal
vpn-sessiondb max-session-limit 10
! Management access, DHCP server and threat detection.
! NOTE(review): Telnet sends the login and enable passwords in clear text; SSH is already
! allowed from the same /24, so Telnet can be removed.
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 60
! NOTE(review): "console timeout 0" means a console session never times out; set a finite
! value so an unattended console does not stay logged in.
console timeout 0
management-access inside
dhcpd auto_config outside
!
! DHCP scope for inside clients: 192.168.1.3-192.168.1.33, with the ISP resolvers as DNS.
dhcpd address 192.168.1.3-192.168.1.33 inside
dhcpd dns 65.24.0.168 65.24.0.169 interface inside
dhcpd ping_timeout 32 interface inside
dhcpd domain jasmfg.internal interface inside
dhcpd enable inside
!
! Basic threat detection (drop-rate monitoring) has been switched off; only statistics remain.
no threat-detection basic-threat
threat-detection statistics
!
! Modular policy framework: traffic classes, the global service policy, TFTP and SSL ciphers.
! global-class matches every packet.
class-map global-class
match any
! inspection_default has no match statement in this listing (normally
! "match default-inspection-traffic") and is not used by any policy-map shown.
class-map inspection_default
!
!
! preset_dns_map is defined but no "inspect dns" line references it in this listing.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
! global_policy (underscore) is empty; the policy actually applied is global-policy (hyphen).
policy-map global_policy
! NOTE(review): this is the most likely cause of the symptom in the post. The policy applies
! to ALL traffic (class global-class) and caps connections at 2 total, 2 embryonic, and
! 2 per client. Ping still works because ICMP is inspected and its state expires after
! 2 seconds ("timeout ... icmp 0:00:02"), but web, RDP and similar sessions need more
! concurrent TCP/UDP connections than the cap allows. The interface ACLs are not the
! blocker: none is bound with "access-group". Raise or remove the "set connection" limits
! (0 means unlimited) and check "show service-policy" for drop counters.
! NOTE(review): the usual default inspections (ftp, dns, h323, sip, ...) are absent, so
! protocols that open secondary channels will not work through NAT until they are restored.
policy-map global-policy
class global-class
inspect icmp
set connection conn-max 2 embryonic-conn-max 2 per-client-max 2 per-client-embryonic-max 2
set connection decrement-ttl
!
service-policy global-policy global
tftp-server inside 192.168.1.3 /
! NOTE(review): the SSL cipher list still offers RC4 (rc4-sha1, rc4-md5) and single DES
! (des-sha1); restrict it to the AES suites for ASDM and WebVPN sessions.
ssl encryption 3des-sha1 aes256-sha1 aes128-sha1 rc4-sha1 rc4-md5 des-sha1
! WebVPN / SSL VPN, group policies, local users and tunnel groups.
! Clientless WebVPN and the SSL VPN client (svc) are enabled on both inside and outside.
webvpn
enable inside
enable outside
svc enable
! The default group policy allows every tunnel protocol (IPsec, L2TP/IPsec, SVC, WebVPN).
! NOTE(review): trim this to the protocols actually in use.
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-policy JASVPN1 internal
group-policy JASVPN1 attributes
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value JASVPN1_splitTunnelAcl
webvpn
url-list none
svc ask enable
! NOTE(review): WINS and DNS for group JAS point at 192.168.1.1, which is the ASA's own
! inside address; confirm a name service really answers there.
group-policy JAS internal
group-policy JAS attributes
wins-server value 192.168.1.1
dns-server value 192.168.1.1
! NOTE(review): all five local accounts carry the identical stored password value, which
! indicates one shared password, and the values are published with this post. Treat them as
! disclosed: give each user a unique password and rotate them all.
username user5 password 6rSaocMqc/FtCD1T encrypted privilege 0
username user5 attributes
vpn-group-policy JAS
username user4 password 6rSaocMqc/FtCD1T encrypted privilege 0
username user4 attributes
vpn-group-policy JAS
username user1 password 6rSaocMqc/FtCD1T encrypted privilege 0
username user1 attributes
vpn-group-policy JAS
username user3 password 6rSaocMqc/FtCD1T encrypted privilege 0
username user3 attributes
vpn-group-policy JAS
username user2 password 6rSaocMqc/FtCD1T encrypted privilege 0
username user2 attributes
vpn-group-policy JAS
! Pre-shared keys are masked ("*") in the output and are not disclosed by this listing.
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup general-attributes
address-pool JAS
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
! NOTE(review): PAP is accepted for PPP (L2TP) authentication on the default remote-access
! group; PAP carries the password unprotected inside the tunnel - prefer ms-chap-v2 or EAP only.
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
tunnel-group JAS type remote-access
tunnel-group JAS general-attributes
address-pool JAS
default-group-policy JAS
tunnel-group JAS ipsec-attributes
pre-shared-key *
tunnel-group JASVPN1 type remote-access
tunnel-group JASVPN1 general-attributes
address-pool JAS
! NOTE(review): the next command is split across two lines by the paste; it presumably reads
! "authorization-server-group LOCAL".
authorization-server-group
LOCAL
default-group-policy JASVPN1
tunnel-group JASVPN1 webvpn-attributes
hic-fail-group-policy JASVPN1
tunnel-group JASVPN1 ipsec-attributes
pre-shared-key *
tunnel-group JASVPN2 type ipsec-l2l
tunnel-group JASVPN2 ipsec-attributes
pre-shared-key *
tunnel-group JASMFG type remote-access
tunnel-group JASMFG general-attributes
address-pool JAS
default-group-policy JASVPN1
! Local command-authorization table: assigns the listed commands to privilege level 3 or 5.
! It takes effect through "aaa authorization command LOCAL" earlier in this configuration.
! NOTE(review): every local user above is created with "privilege 0", so none of them reaches
! these levels by username alone; confirm how administrators are expected to reach levels 3 and 5.
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege show level 5 mode exec command import
! "show running-config" requires level 5, since its output includes stored password values.
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
! End of the saved configuration.
prompt hostname context
! NOTE(review): the Cryptochecksum value is split across four lines by the paste.
Cryptochecksum:65486679f8f
caf99f6e45
6072240d52
5
: end
! These two lines repeat the ASDM settings shown earlier; presumably trailing output from the
! same "show" command rather than additional configuration.
asdm image disk0:/asdm-602.bin
no asdm history enable
:-(