ASA 5505 inside hosts cannot browse internet

Posted on 2013-06-26
Medium Priority
Last Modified: 2013-06-26
I have an ASA 5505.
I can ping internet hosts from the ASA itself but I cannot from internal hosts.  I can ping the internal IP on the ASA from my laptop and I can ping my laptop from the ASA but no traffic is passing.  Any help will be greatly appreciated as I am a bit stumped.

Here is the current configuration:

: Saved
ASA Version 8.2(5)
hostname rcbasa5505
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
<--- More --->              !
interface Vlan1
 nameif inside
 security-level 100
 ip address
interface Vlan2
 nameif outside
 security-level 0
 ip address
boot system disk0:/asa825-k8.bin
ftp mode passive
object-group network obj_any
access-list inside extended permit ip any any
access-list name extended permit icmp any interface outside
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 100 interface
<--- More --->              nat (inside) 1
route outside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside

<--- More --->              threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username eqcadmin password 9ArNsYVJe7IE4naE encrypted privilege 15
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
<--- More --->                inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Question by:DaveKall42
  • 3
  • 2
LVL 24

Expert Comment

ID: 39279924
Think this line is wrong

global (outside) 100 interface

Should be

global (outside) 1 interface

Author Comment

ID: 39279937
I thought that was only an identifier and didn't actually mean anything?
LVL 24

Accepted Solution

smckeown777 earned 2000 total points
ID: 39279939
No - its related to the nat statements - they are connected

You have

global (outside) 1 interface

followed by

nat (inside) 1

The two 1's in that combo are related...

Author Comment

ID: 39279959
You rock my friend!  Thanks for your help!
LVL 24

Expert Comment

ID: 39279962
Glad to assist...cheers ;)

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question