05.05.2008 at 05:09AM PDT, ID: 23376164 | Points: 500
CISCO ASA 5505 basic routing/nat problem

Asked by dautech in Cisco PIX Firewall, Networking Protocols, Telecommunications

Hi,
I've recently bought a Cisco ASA 5505 and I'm experiencing issues with the internet.
So far I have managed to make it work on the WAN interface of the router, i.e. I can ping and traceroute external IPs (using ASDM).
I cannot browse or ping the internet with vlan2 *LAN.
Here's my running-config:

Result of the command: "show running-config"

: Saved
:
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name dauphinmtl.local
enable password Kf/x8EKpxAPFEHKA encrypted
names
!
interface Vlan1
 nameif LAN.DT
 security-level 100
 ip address 192.168.2.2 255.255.255.0
!
interface Vlan2
 nameif WAN
 security-level 0
 ip address 123.123.123.123 255.255.255.252
!
interface Vlan9
 no forward interface Vlan1
 nameif dmz
 security-level 50
 no ip address
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name dauphinmtl.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list WAN_access_in extended permit udp host 123.123.123.123 host 192.168.2.30
access-list WAN_access_in extended permit tcp host 123.123.123.123 host 192.168.2.30
access-list WAN_access_in extended permit ip host 123.123.123.123 host 192.168.2.30
access-list WAN_access_in extended permit udp host 123.123.123.123 host 192.168.2.31
access-list WAN_access_in extended permit tcp host 123.123.123.123 host 192.168.2.31
access-list WAN_access_in extended permit ip host 123.123.123.123 host 192.168.2.31
access-list WAN_access_in extended permit udp host 123.123.123.123 host 192.168.2.32
access-list WAN_access_in extended permit tcp host 123.123.123.123 host 192.168.2.32
access-list WAN_access_in extended permit ip host 123.123.123.123 host 192.168.2.32
access-list WAN_access_in extended permit udp any interface LAN.DT
access-list WAN_access_in extended permit tcp any interface LAN.DT
access-list WAN_access_in extended permit ip any interface LAN.DT
access-list WAN_access_in extended permit ip any any
access-list WAN_access_out extended permit tcp host 192.168.2.30 host 123.123.123.123
access-list WAN_access_out extended permit ip host 192.168.2.30 host 123.123.123.123
access-list WAN_access_out extended permit tcp host 192.168.2.31 host 123.123.123.123
access-list WAN_access_out extended permit ip any any
access-list WAN_access_out extended permit tcp any any
access-list WAN_access_out extended permit udp any any
access-list WAN_access_out extended permit icmp any any echo
access-list WAN_access_out extended permit icmp any any echo-reply
access-list LAN.DT_access_in extended permit udp any any
access-list LAN.DT_access_in extended permit tcp any any
access-list LAN.DT_access_in extended permit ip any any
access-list LAN.DT_access_in extended permit icmp any any
access-list LAN.DT_access_out extended permit icmp any any
access-list LAN.DT_access_out extended permit udp interface LAN.DT any
access-list LAN.DT_access_out extended permit tcp any any
access-list LAN.DT_access_out extended permit ip any any
access-list WAN-in extended permit icmp any any echo-reply
pager lines 24
logging enable
logging asdm informational
mtu LAN.DT 1500
mtu WAN 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (LAN.DT) 1 192.168.2.90-192.168.2.254 netmask 255.255.255.0
global (WAN) 1 interface
nat (WAN) 1 0.0.0.0 0.0.0.0
static (WAN,LAN.DT) tcp 192.168.2.30 5080 123.123.123.123 5080 netmask 255.255.255.255
static (WAN,LAN.DT) tcp 192.168.2.30 6000 123.123.123.123 6000 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.30 6000 123.123.123.123 6000 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.30 9000 123.123.123.123 9000 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.30 9001 123.123.123.123 9001 netmask 255.255.255.255
static (WAN,LAN.DT) tcp 192.168.2.30 6100 123.123.123.123 6100 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30000 123.123.123.123 30000 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30001 123.123.123.123 30001 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30002 123.123.123.123 30002 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30003 123.123.123.123 30003 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30004 123.123.123.123 30004 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30005 123.123.123.123 30005 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30006 123.123.123.123 30006 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30007 123.123.123.123 30007 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30008 123.123.123.123 30008 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30009 123.123.123.123 30009 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30010 123.123.123.123 30010 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30011 123.123.123.123 30011 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30012 123.123.123.123 30012 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30013 123.123.123.123 30013 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30014 123.123.123.123 30014 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30015 123.123.123.123 30015 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30016 123.123.123.123 30016 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30017 123.123.123.123 30017 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30018 123.123.123.123 30018 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30019 123.123.123.123 30019 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30020 123.123.123.123 30020 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30021 123.123.123.123 30021 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30022 123.123.123.123 30022 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30023 123.123.123.123 30023 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30024 123.123.123.123 30024 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30025 123.123.123.123 30025 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30026 123.123.123.123 30026 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30027 123.123.123.123 30027 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30028 123.123.123.123 30028 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30029 123.123.123.123 30029 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30030 123.123.123.123 30030 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30031 123.123.123.123 30031 netmask 255.255.255.255
static (WAN,LAN.DT) udp 192.168.2.31 30032 123.123.123.123 30032 netmask 255.255.255.255
access-group LAN.DT_access_in in interface LAN.DT
access-group LAN.DT_access_out out interface LAN.DT
access-group WAN_access_in in interface WAN
access-group WAN_access_out out interface WAN
route WAN 0.0.0.0 0.0.0.0 123.123.123.124 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 LAN.DT
http 0.0.0.0 0.0.0.0 LAN.DT
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.2.0 255.255.255.0 LAN.DT
telnet 192.168.1.0 255.255.255.0 LAN.DT
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config WAN
!
dhcpd dns 24.200.241.37 24.200.241.10 interface LAN.DT
dhcpd domain Dauphinmtl.local interface LAN.DT
!

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context


----------------
ISP static address: 123.123.123.123
ISP gateway: 123.123.123.124
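
Added example, not part of the original post: a small Python audit of a PIX/ASA 7.x style configuration, run over a constructed excerpt of the lines posted above. It relies on the pre-8.3 rule that `nat (ifc) N` selects traffic arriving on that interface and pairs with `global (egress) N`; the function name `audit` and the finding texts are hypothetical.

```python
import re

# Constructed sample: a subset of lines copied from the running-config in the post.
SAMPLE = """\
interface Vlan1
 nameif LAN.DT
 security-level 100
interface Vlan2
 nameif WAN
 security-level 0
access-list WAN_access_in extended permit ip any any
global (LAN.DT) 1 192.168.2.90-192.168.2.254 netmask 255.255.255.0
global (WAN) 1 interface
nat (WAN) 1 0.0.0.0 0.0.0.0
access-group WAN_access_in in interface WAN
http 0.0.0.0 0.0.0.0 LAN.DT
telnet 192.168.2.0 255.255.255.0 LAN.DT
"""

def audit(config):
    """Return findings for a config that uses the 7.x nat/global syntax."""
    levels, nat, glob, open_acls, inbound, findings = {}, {}, {}, set(), {}, []
    name = None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            name = None
        elif m := re.match(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.match(r"(nat|global) \((\S+)\) (\d+)", line):
            (nat if m.group(1) == "nat" else glob).setdefault(m.group(2), set()).add(m.group(3))
        elif m := re.match(r"access-list (\S+) extended permit ip any any$", line):
            open_acls.add(m.group(1))
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            inbound[m.group(2)] = m.group(1)
        elif re.match(r"telnet \d", line):
            findings.append(f"cleartext telnet management allowed: {line}")
        elif line.startswith("http 0.0.0.0 0.0.0.0 "):
            findings.append(f"ASDM access allowed from any source: {line}")
    if not levels:
        return findings
    outside = min(levels, key=levels.get)  # lowest security level faces the ISP
    for ifc, lvl in levels.items():
        # Outbound PAT needs nat (ifc) N on the source side and global (outside) N.
        if lvl > levels[outside] and not nat.get(ifc, set()) & glob.get(outside, set()):
            findings.append(f"no nat ({ifc}) rule matches a global ({outside}) pool")
    if inbound.get(outside) in open_acls:
        findings.append(f"{inbound[outside]} permits ip any any inbound on {outside}")
    return findings
```

Calling `audit(SAMPLE)` returns four findings: the two management-access lines, the LAN.DT interface having no `nat` rule that pairs with `global (WAN) 1 interface`, and the `permit ip any any` entry bound inbound on WAN.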