Solved

ASA 5505 inside hosts cannot browse internet

Posted on 2013-06-26
5
1,043 Views
Last Modified: 2013-06-26
I have an ASA 5505.
I can ping internet hosts from the ASA itself but I cannot from internal hosts.  I can ping the internal IP on the ASA from my laptop and I can ping my laptop from the ASA but no traffic is passing.  Any help will be greatly appreciated as I am a bit stumped.

Here is the current configuration:

: Saved
:
ASA Version 8.2(5)
!
hostname rcbasa5505
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
<--- More --->              !
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.5.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 68.15.191.92 255.255.255.240
!
boot system disk0:/asa825-k8.bin
ftp mode passive
object-group network obj_any
access-list inside extended permit ip any any
access-list name extended permit icmp any interface outside
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 100 interface
<--- More --->              nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 68.15.191.81 1
route inside 192.168.0.0 255.255.0.0 192.168.5.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

<--- More --->              threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username eqcadmin password 9ArNsYVJe7IE4naE encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
<--- More --->                inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
0
Comment
Question by:DaveKall42
  • 3
  • 2
5 Comments
 
LVL 24

Expert Comment

by:smckeown777
Comment Utility
Think this line is wrong

global (outside) 100 interface

Should be

global (outside) 1 interface
0
 

Author Comment

by:DaveKall42
Comment Utility
I thought that was only an identifier and didn't actually mean anything?
0
 
LVL 24

Accepted Solution

by:
smckeown777 earned 500 total points
Comment Utility
No - its related to the nat statements - they are connected

You have

global (outside) 1 interface

followed by

nat (inside) 1 0.0.0.0 0.0.0.0

The two 1's in that combo are related...
0
 

Author Comment

by:DaveKall42
Comment Utility
You rock my friend!  Thanks for your help!
0
 
LVL 24

Expert Comment

by:smckeown777
Comment Utility
Glad to assist...cheers ;)
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now