Solved

ASA 5505 inside hosts cannot browse internet

Posted on 2013-06-26
5
1,053 Views
Last Modified: 2013-06-26
I have an ASA 5505.
I can ping internet hosts from the ASA itself but I cannot from internal hosts.  I can ping the internal IP on the ASA from my laptop and I can ping my laptop from the ASA but no traffic is passing.  Any help will be greatly appreciated as I am a bit stumped.

Here is the current configuration:

: Saved
:
ASA Version 8.2(5)
!
hostname rcbasa5505
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
<--- More --->              !
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.5.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 68.15.191.92 255.255.255.240
!
boot system disk0:/asa825-k8.bin
ftp mode passive
object-group network obj_any
access-list inside extended permit ip any any
access-list name extended permit icmp any interface outside
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 100 interface
<--- More --->              nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 68.15.191.81 1
route inside 192.168.0.0 255.255.0.0 192.168.5.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

<--- More --->              threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username eqcadmin password 9ArNsYVJe7IE4naE encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
<--- More --->                inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
0
Comment
Question by:DaveKall42
  • 3
  • 2
5 Comments
 
LVL 24

Expert Comment

by:smckeown777
ID: 39279924
Think this line is wrong

global (outside) 100 interface

Should be

global (outside) 1 interface
0
 

Author Comment

by:DaveKall42
ID: 39279937
I thought that was only an identifier and didn't actually mean anything?
0
 
LVL 24

Accepted Solution

by:
smckeown777 earned 500 total points
ID: 39279939
No - its related to the nat statements - they are connected

You have

global (outside) 1 interface

followed by

nat (inside) 1 0.0.0.0 0.0.0.0

The two 1's in that combo are related...
0
 

Author Comment

by:DaveKall42
ID: 39279959
You rock my friend!  Thanks for your help!
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39279962
Glad to assist...cheers ;)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco 1830 AP behaving wierdly 7 59
Access List 2 18
lan speed when you have different speeds 5 49
By pass website on ASA for Websense 4 48
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now