Internet Access Through ASA5510 using PAT having Issues

Hi Team,
Could any one please assist urgently with the Internet Access Issue using ASA5510. It is pretty simple setup but i sem to have been struck with it forever.
Below is the running config, Can you please pick up any mistake and corrective command to get Inetrnet Access working.
Urgent reponse wll be highly appriciated. At the moment i do not have access to the device, so any corrective command would do.
i have picked up Security level is wrong on outside and inside ( should be otehr way around) but getting PAT wrong
===============================

Result of the command: "sh run"

: Saved
:
ASA Version 8.0(3)
!
hostname ASA
domain-name default.domain.invalid

names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 100
 ip address 203.x.x.x 255.255.255.252
!
interface Ethernet0/1
 description Inside Network
 nameif inside
 security-level 0
 ip address 10.30.0.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.0.50 255.255.255.0
 management-only
!
passwd .2KYOU encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
dns server-group DefaultDNS
 domain-name default.domain.invalid
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object icmp
access-list out extended permit object-group DM_INLINE_PROTOCOL_1 any 10.30.0.0 255.255.255.0
access-list inside extended permit icmp any any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 10.30.0.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
nat-control

global (outside) 1 interface
nat (inside) 1 10.30.0.0 255.255.255.0 dns outside


access-group out in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 203.27.207.101 1
route inside 10.80.0.0 255.255.0.0 10.30.0.1 1
route inside 10.90.0.0 255.255.0.0 10.30.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 management
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet 192.168.0.0 255.255.255.0 management
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:ba0d6dba6f69b2ad38c2f5eb63f32d03
: end

=================================
tariqmansoorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MikeKaneCommented:
Right here:

Change
nat (inside) 1 10.30.0.0 255.255.255.0 dns outside

to
nat (inside) 1 10.30.0.0 255.255.255.0
0
tariqmansoorAuthor Commented:
Thanks for that, I saw few examples on the net, those suggests
nat (inside) 0.0.0.0 0.0.0.0
Is this correct ? also the command "nat-control" confuses me should it still stay there ?
Thanks,
0
MikeKaneCommented:
Nat (inside) 0.0.0.0 0.0.0.0 will allow any IP using the inside interface to get NAt'ed outbound.    

This one   "nat (inside) 1 10.30.0.0 255.255.255.0"  will only nat that 1 subnet.  


Nat-Control  requires that packets traversing from an inside interface to an outside interface match a NAT rule.  
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/no.html#wp1753422


Hope that helps.


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tariqmansoorAuthor Commented:
Excellent, thanks for, I will try this and will let you know after i test, as i dont have access to the ASA at the moment, Will have in the morning.
0
tariqmansoorAuthor Commented:
Great Help...All Worked Good....
Thank You.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.