Having issues browsing the internet on my PC that is connected to a Cisco ASA 5505

mshaikh22 asked on
Hi Experts,

I am having issues browsing to the internet on my PC that is connected to a Cisco ASA 5505. Can you please have a look at my config, as I believe I might be missing something.

my pc ip is

Thank you,


ASA Version 8.4(3)
terminal width 511
hostname fw0
enable password
no names
name dc1
name dc2
name mgmt-server_inside
name e1
name e2
name vc
interface Ethernet0/0
 description outside
 switchport access vlan 20
interface Ethernet0/1
 description inside
interface Ethernet0/2
 description san
 switchport access vlan 10
interface Ethernet0/3
interface Ethernet0/4
 switchport trunk allowed vlan 1
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
 nameif inside
 security-level 100
 ip address
interface Vlan10
 nameif SAN
 security-level 50
 ip address
interface Vlan20
 nameif outside
 security-level 0
 ip address dhcp setroute
boot system disk0:/asa843-k8.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup outside
dns server-group DefaultDNS
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network mgmt-server_inside
object network sw0_inside
object network vcenter_inside
object network NETWORK_OBJ_10.68.0.96_28
object network san_subnet
object network inside_anysubnet
object network inside_subnet
object network excas01_inside
object-group network esxi-hosts_inside
 network-object host
 network-object host
object-group network inside-subnet
object-group network san1-subnet
access-list inside_in extended permit icmp any any
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended permit tcp any host eq 3389
access-list outside_in extended permit tcp any host eq smtp
access-list outside_in extended permit tcp any host eq 5480
access-list outside_in extended permit tcp any host eq telnet
access-list outside_in extended deny ip any any log
access-list san_in extended permit icmp any any echo-reply
pager lines 30
logging enable
logging asdm informational
mtu inside 1500
mtu SAN 1500
mtu outside 1500
ip local pool Inside mask
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
asdm history enable
arp timeout 2400
nat (inside,inside) source static any any destination static NETWORK_OBJ_10.68.0.96_28 NETWORK_OBJ_10.68.0.96_28 no-proxy-arp route-lookup
object network mgmt-server_inside
 nat (inside,outside) static interface service tcp 3389 3389
object network sw0_inside
 nat (inside,outside) static interface service tcp telnet telnet
object network vcenter_inside
 nat (inside,outside) static interface service tcp 5480 5480
object network inside_anysubnet
 nat (inside,SAN) dynamic interface
object network inside_subnet
 nat (inside,outside) dynamic interface
object network excas01_inside
 nat (inside,outside) static interface service tcp smtp smtp
access-group san_in in interface SAN
access-group outside_in in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http inside
http outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh inside
ssh outside
ssh timeout 60
ssh version 2
console timeout 0
management-access inside

dhcpd dns
dhcpd auto_config outside
dhcpd address inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tftp-server inside fw0.txt
 enable inside
 enable outside
 anyconnect image disk0:/sslclient-win- 2
 anyconnect enable
 tunnel-group-list enable
 tunnel-group-preference group-url
group-policy DfltGrpPolicy attributes
 dns-server value
group-policy GroupPolicy_remote-vpn internal
group-policy GroupPolicy_remote-vpn attributes
 wins-server none
 dns-server value
 vpn-tunnel-protocol ssl-client
 default-domain none
username admin password lP6/r5JV6SQg/pjK encrypted privilege 15
username mshaikh password 2YMuQ2Ler5aiagGM encrypted
tunnel-group remote-vpn type remote-access
tunnel-group remote-vpn general-attributes
 address-pool Inside
 default-group-policy GroupPolicy_remote-vpn
tunnel-group remote-vpn webvpn-attributes
 group-alias remote-vpn enable
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
policy-map global-policy
 class class-default
  user-statistics accounting
service-policy global-policy global
prompt hostname context
no call-home reporting anonymous
 profile CiscoTAC-1
  no active
  destination address http
  destination address email
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
: end