Solved

ASA 5505 inside hosts cannot browse internet

Posted on 2013-06-26
5
1,074 Views
Last Modified: 2013-06-26
I have an ASA 5505.
I can ping internet hosts from the ASA itself but I cannot from internal hosts.  I can ping the internal IP on the ASA from my laptop and I can ping my laptop from the ASA but no traffic is passing.  Any help will be greatly appreciated as I am a bit stumped.

Here is the current configuration:

: Saved
:
ASA Version 8.2(5)
!
hostname rcbasa5505
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
<--- More --->              !
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.5.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 68.15.191.92 255.255.255.240
!
boot system disk0:/asa825-k8.bin
ftp mode passive
object-group network obj_any
access-list inside extended permit ip any any
access-list name extended permit icmp any interface outside
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 100 interface
<--- More --->              nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 68.15.191.81 1
route inside 192.168.0.0 255.255.0.0 192.168.5.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

<--- More --->              threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username eqcadmin password 9ArNsYVJe7IE4naE encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
<--- More --->                inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
0
Comment
Question by:DaveKall42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 24

Expert Comment

by:smckeown777
ID: 39279924
Think this line is wrong

global (outside) 100 interface

Should be

global (outside) 1 interface
0
 

Author Comment

by:DaveKall42
ID: 39279937
I thought that was only an identifier and didn't actually mean anything?
0
 
LVL 24

Accepted Solution

by:
smckeown777 earned 500 total points
ID: 39279939
No - its related to the nat statements - they are connected

You have

global (outside) 1 interface

followed by

nat (inside) 1 0.0.0.0 0.0.0.0

The two 1's in that combo are related...
0
 

Author Comment

by:DaveKall42
ID: 39279959
You rock my friend!  Thanks for your help!
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39279962
Glad to assist...cheers ;)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question