Link to home
Start Free TrialLog in
Avatar of WellingtonIS
WellingtonIS

asked on

Cisco ASA

I have a Cisco ASA and I'm trying to determine if traffic is flowing though it.  I can't ping anything, but maybe it's turned off.  If I do a show traffic

WRMCASA# show traffic
outside:
        received (in 2778.360 secs):
                157 packets     7222 bytes
                0 pkts/sec      2 bytes/sec
        transmitted (in 2778.360 secs):
                190 packets     7504 bytes
                0 pkts/sec      2 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  1 bytes/sec
      5 minute drop rate, 0 pkts/sec
inside:
        received (in 2778.360 secs):
                1980 packets    89314 bytes
                0 pkts/sec      32 bytes/sec
        transmitted (in 2778.360 secs):
                1497 packets    106780 bytes
                0 pkts/sec      38 bytes/sec
      1 minute input rate 0 pkts/sec,  23 bytes/sec
      1 minute output rate 0 pkts/sec,  11 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  18 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
management:
        received (in 2804.300 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 2804.300 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
failover:
        received (in 2804.300 secs):
                4190 packets    308500 bytes
                1 pkts/sec      110 bytes/sec
        transmitted (in 2804.300 secs):
                4125 packets    324794 bytes
                1 pkts/sec      115 bytes/sec
      1 minute input rate 1 pkts/sec,  104 bytes/sec
      1 minute output rate 1 pkts/sec,  108 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 1 pkts/sec,  105 bytes/sec
      5 minute output rate 1 pkts/sec,  110 bytes/sec
      5 minute drop rate, 0 pkts/sec
stateful:
        received (in 2805.300 secs):
                4645 packets    186554 bytes
                1 pkts/sec      66 bytes/sec
        transmitted (in 2805.300 secs):
                5090 packets    2052594 bytes
                1 pkts/sec      731 bytes/sec
      1 minute input rate 1 pkts/sec,  46 bytes/sec
      1 minute output rate 1 pkts/sec,  158 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 1 pkts/sec,  46 bytes/sec
      5 minute output rate 1 pkts/sec,  158 bytes/sec
      5 minute drop rate, 0 pkts/sec

----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
Ethernet0/0:
        received (in 2805.300 secs):
                157 packets     10048 bytes
                0 pkts/sec      3 bytes/sec
        transmitted (in 2805.300 secs):
                189 packets     13506 bytes
                0 pkts/sec      4 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  1 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/1:
        received (in 2807.540 secs):
                2003 packets    131960 bytes
                0 pkts/sec      47 bytes/sec
        transmitted (in 2807.540 secs):
                1506 packets    144374 bytes
                0 pkts/sec      51 bytes/sec
      1 minute input rate 0 pkts/sec,  33 bytes/sec
      1 minute output rate 0 pkts/sec,  17 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  24 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/2:
        received (in 2807.540 secs):
                118 packets     13198 bytes
                0 pkts/sec      4 bytes/sec
        transmitted (in 2807.540 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/3:
        received (in 2808.460 secs):
                8849 packets    724984 bytes
                3 pkts/sec      258 bytes/sec
        transmitted (in 2808.460 secs):
                9227 packets    2603704 bytes
                3 pkts/sec      927 bytes/sec
      1 minute input rate 2 pkts/sec,  215 bytes/sec
      1 minute output rate 2 pkts/sec,  335 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 2 pkts/sec,  217 bytes/sec
      5 minute output rate 2 pkts/sec,  337 bytes/sec
      5 minute drop rate, 0 pkts/sec
Management0/0:
        received (in 2808.470 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 2808.470 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec

this is what I get.  I'm not sure how to test this before I route everyone out this way.
Avatar of netcmh
netcmh
Flag of United States of America image
Traffic is definitely flowing. In ASAs with two main interfaces, the sum of the inbound and outbound traffic on the outside interface should equal the sum of the inbound and outbound traffic on the inside interface.

Do clear traffic, then show traffic over 5-10 mins for more accurate details.
Avatar of WellingtonIS
WellingtonIS

ASKER

ok I did clear traffic waited then a show traffic:
WRMCASA# clear traffic
WRMCASA# show traffic
outside:
        received (in 187.890 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 187.890 secs):
                3 packets       228 bytes
                0 pkts/sec      1 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  1 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
inside:
        received (in 187.890 secs):
                111 packets     5048 bytes
                0 pkts/sec      26 bytes/sec
        transmitted (in 187.890 secs):
                100 packets     4087 bytes
                0 pkts/sec      21 bytes/sec
      1 minute input rate 0 pkts/sec,  15 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  3 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
management:
        received (in 195.330 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 195.330 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
failover:
        received (in 200.450 secs):
                291 packets     21174 bytes
                1 pkts/sec      105 bytes/sec
        transmitted (in 200.450 secs):
                290 packets     22060 bytes
                1 pkts/sec      110 bytes/sec
      1 minute input rate 1 pkts/sec,  106 bytes/sec
      1 minute output rate 1 pkts/sec,  111 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  24 bytes/sec
      5 minute output rate 0 pkts/sec,  25 bytes/sec
      5 minute drop rate, 0 pkts/sec
stateful:
        received (in 202.660 secs):
                230 packets     9440 bytes
                1 pkts/sec      46 bytes/sec
        transmitted (in 202.660 secs):
                263 packets     32186 bytes
                1 pkts/sec      158 bytes/sec
      1 minute input rate 1 pkts/sec,  46 bytes/sec
      1 minute output rate 1 pkts/sec,  158 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  10 bytes/sec
      5 minute output rate 0 pkts/sec,  37 bytes/sec
      5 minute drop rate, 0 pkts/sec

----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
Ethernet0/0:
        received (in 203.220 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 203.220 secs):
                3 packets       282 bytes
                0 pkts/sec      1 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  1 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/1:
        received (in 203.650 secs):
                190 packets     12352 bytes
                0 pkts/sec      60 bytes/sec
        transmitted (in 203.650 secs):
                272 packets     21697 bytes
                1 pkts/sec      106 bytes/sec
      1 minute input rate 1 pkts/sec,  76 bytes/sec
      1 minute output rate 1 pkts/sec,  105 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  4 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/2:
        received (in 352.610 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 352.610 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/3:
        received (in 352.610 secs):
                913 packets     76656 bytes
                2 pkts/sec      217 bytes/sec
        transmitted (in 352.610 secs):
                970 packets     119028 bytes
                2 pkts/sec      337 bytes/sec
      1 minute input rate 2 pkts/sec,  218 bytes/sec
      1 minute output rate 2 pkts/sec,  338 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  49 bytes/sec
      5 minute output rate 0 pkts/sec,  78 bytes/sec
      5 minute drop rate, 0 pkts/sec
Management0/0:
        received (in 353.210 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 353.210 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec

Is there anyway to ping or traceroute?
Avatar of netcmh
netcmh
Flag of United States of America image
Please see this step by step to help you get started configuring and get your ASA running.
http://lipovetskiy.wordpress.com/2012/04/23/cisco-asa-firewall-setup/
Avatar of WellingtonIS
WellingtonIS

ASKER

I have that I just didn't realize I could connect via browser.
Avatar of netcmh
netcmh
Flag of United States of America image
So, all your routes and NATs are in place? Try the ICMP part to get pings going.
SOLUTION
Avatar of Feroz Ahmed
Feroz Ahmed
Flag of India image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of netcmh
netcmh
Flag of United States of America image
Any luck?
Avatar of WellingtonIS
WellingtonIS

ASKER

The command I had to use was inspect ICMP trace.  I did a show traffic again and it appears to moving traffic. I tried a traceroute but noting happened - see below:

If I direct connect to the ASA via a laptop and use the IP as a gateway on the same subnet, shouldn't I be able to get out to the internet?  

Type help or '?' for a list of available commands.
WRMCASA> enable
Password: *******
WRMCASA# config t
WRMCASA(config)# debug icmp
ERROR: % Incomplete command
WRMCASA(config)# debug icmp
ERROR: % Incomplete command
WRMCASA(config)# debug icmp ?

exec mode commands/options:
  trace
WRMCASA(config)# debug icmp
ERROR: % Incomplete command
WRMCASA(config)# debug icmp trace
debug icmp trace enabled at level 1
WRMCASA(config)# show  traffic
outside:
        received (in 66925.300 secs):
                3718 packets    171028 bytes
                0 pkts/sec      2 bytes/sec
        transmitted (in 66925.300 secs):
                14049 packets   398988 bytes
                0 pkts/sec      5 bytes/sec
      1 minute input rate 0 pkts/sec,  2 bytes/sec
      1 minute output rate 0 pkts/sec,  6 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  8 bytes/sec
      5 minute output rate 0 pkts/sec,  6 bytes/sec
      5 minute drop rate, 0 pkts/sec
inside:
        received (in 66925.300 secs):
                24380 packets   1216413 bytes
                0 pkts/sec      18 bytes/sec
        transmitted (in 66925.300 secs):
                546 packets     38791 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 1 pkts/sec,  50 bytes/sec
      1 minute output rate 0 pkts/sec,  41 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  34 bytes/sec
      5 minute output rate 0 pkts/sec,  22 bytes/sec
      5 minute drop rate, 0 pkts/sec
management:
        received (in 66929.400 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 66929.400 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
failover:
        received (in 66929.400 secs):
                97054 packets   7061352 bytes
                1 pkts/sec      41 bytes/sec
        transmitted (in 66929.400 secs):
                97053 packets   7382504 bytes
                1 pkts/sec      46 bytes/sec
      1 minute input rate 1 pkts/sec,  104 bytes/sec
      1 minute output rate 1 pkts/sec,  108 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 1 pkts/sec,  105 bytes/sec
      5 minute output rate 1 pkts/sec,  110 bytes/sec
      5 minute drop rate, 0 pkts/sec
stateful:
        received (in 66932.050 secs):
                75864 packets   3114976 bytes
                1 pkts/sec      46 bytes/sec
        transmitted (in 66932.050 secs):
                87087 packets   10595760 bytes
                1 pkts/sec      29 bytes/sec
      1 minute input rate 1 pkts/sec,  46 bytes/sec
      1 minute output rate 1 pkts/sec,  158 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 1 pkts/sec,  46 bytes/sec
      5 minute output rate 1 pkts/sec,  158 bytes/sec
      5 minute drop rate, 0 pkts/sec

----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
Ethernet0/0:
        received (in 66932.050 secs):
                3718 packets    237952 bytes
                0 pkts/sec      3 bytes/sec
        transmitted (in 66932.050 secs):
                14050 packets   902710 bytes
                0 pkts/sec      13 bytes/sec
      1 minute input rate 0 pkts/sec,  3 bytes/sec
      1 minute output rate 0 pkts/sec,  14 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  12 bytes/sec
      5 minute output rate 0 pkts/sec,  15 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/1:
        received (in 66935.280 secs):
                24398 packets   1658247 bytes
                0 pkts/sec      24 bytes/sec
        transmitted (in 66935.280 secs):
                555 packets     55310 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 1 pkts/sec,  75 bytes/sec
      1 minute output rate 0 pkts/sec,  63 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  49 bytes/sec
      5 minute output rate 0 pkts/sec,  34 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/2:
        received (in 66935.280 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 66935.280 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/3:
        received (in 66936.010 secs):
                172934 packets  14517400 bytes
                2 pkts/sec      24 bytes/sec
        transmitted (in 66936.010 secs):
                184157 packets  22567060 bytes
                2 pkts/sec      16 bytes/sec
      1 minute input rate 2 pkts/sec,  215 bytes/sec
      1 minute output rate 2 pkts/sec,  335 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 2 pkts/sec,  217 bytes/sec
      5 minute output rate 2 pkts/sec,  337 bytes/sec
      5 minute drop rate, 0 pkts/sec
Management0/0:
        received (in 66936.010 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 66936.010 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
WRMCASA(config)# traceroute 170.149.172.130

Type escape sequence to abort.
Tracing the route to 170.149.172.130

 1   *  *  *
 2   *  *  *
 3   *  *  *
 4   *  *  *
WRMCASA(config)#
SOLUTION
Avatar of netcmh
netcmh
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of WellingtonIS
WellingtonIS

ASKER

see for yourself:  He's the config.  I took out the real iPs

nterface Ethernet0/0
 nameif outside
 security-level 0
 ip address Outside address Outside subnet
 !
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address Inside address inside subnet
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
!
interface Ethernet0/3.1
 description LAN Failover Interface
 vlan 1
!
interface Ethernet0/3.2
 description STATE Failover Interface
 vlan 2
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address x.x.x.x 255.255.255.0
!
boot system disk0:/asa822-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name xxxx.xxx.xxx
pager lines 24
logging enable
logging asdm informational
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export template timeout-rate 1
flow-export delay flow-create 15
mtu outside 1500
mtu inside 1500
mtu management 1500
failover
failover lan unit primary
failover lan interface failover Ethernet0/3.1
failover link stateful Ethernet0/3.2
failover interface ip failover x.x.x.x 255.255.255.252 standby x.x.x.x
failover interface ip stateful  x.x.x.x 255.255.255.252 standby x.x.x.x
no monitor-interface management
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-625-53.bin
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 (outside address) 1
route inside x.x.x.x 255.0.0.0 x.x.x.x (inside address) 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http x.x.x.x 255.255.255.0 management
http x.x.x.x 255.255.254.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetoutside
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet x.x.x.x255.255.255.255 inside
telnet x.x.x.x 255.255.254.0 inside
telnet x.x.x.x 255.255.255.0 inside
telnet x.x.x.x 255.255.254.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server x.x.x.x source outside prefer
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Avatar of netcmh
netcmh
Flag of United States of America image
change the

nat (inside) 101 0.0.0.0 0.0.0.0

to

nat (inside) 101 <inside subnet>
Avatar of WellingtonIS
WellingtonIS

ASKER

nat inside currently is 101 0.0.0.0 0.0.0.0 so replace the 0.0.0.0 0.0.0.0 with 101 0.0.0.0 inside subnet?
Avatar of netcmh
netcmh
Flag of United States of America image
replace

nat (inside) 101 0.0.0.0 0.0.0.0

with

nat (inside) 101 10.1.1.0 255.255.255.0

if inside subnet is 10.1.1.0 255.255.255.0
Avatar of WellingtonIS
WellingtonIS

ASKER

ok sorry im confused.  Let's say my inside address is 10.10.10.1 with a subnet of 255.255.255.0
so change inside nat to 101 10.10.10.1 255.255.255.0?
is that correct?
Avatar of netcmh
netcmh
Flag of United States of America image
Close, but no.

If your inside address is 10.10.10.1 with a subnet of 255.255.255.0

change it to

nat (inside) 101 10.10.10.0 255.255.255.0
Avatar of WellingtonIS
WellingtonIS

ASKER

ok when I try to do that it tells me local address overlaps with mask.
the actual Ip is a 10.10.10.x 255.255.255.0
the route inside is 10.0.0.0 255.0.0.0 10.10.10.254
Avatar of WellingtonIS
WellingtonIS

ASKER

ok I'm able to ping my outside address.  but nothing else.  do I need to configure the ISP dns?
Avatar of netcmh
netcmh
Flag of United States of America image
Wonderful. Yes, you'll need to be able to resolve names to ping them. But, before that can you actually ping a known outside IP address? eg. 4.2.2.2 or 8.8.8.8

Btw, you can use these 2 IPs as outside name resolvers.
Avatar of WellingtonIS
WellingtonIS

ASKER

OK just found out that my "tech" didn't cable correctly!  Wow!  Now I'm able to ping comcast DNS but no constant, it will ping and then it will not.  So I should add the comcast DNS to my ASA?  Added the DNS with the following commands...

CiscoASA(config)# dns domain-lookup Outside


2. Then specify the external DNS Servers (Change IP addresses appropriately).
CiscoASA(config)# dns server-group DefaultDNS
CiscoASA(config-dns-server-group)# name-server 122.122.122.199
CiscoASA(config-dns-server-group)# name-server 122.122.122.198
CiscoASA(config-dns-server-group)# exit
Avatar of WellingtonIS
WellingtonIS

ASKER

OK now I'm able to ping NYtimes.com -now I just have to figure out how to route myself to this ASA so I can access the internet.
Avatar of netcmh
netcmh
Flag of United States of America image
So, you've been able to ping outside from the ASA, and now you want to be able to ping outside from your computer behind the ASA?
Avatar of WellingtonIS
WellingtonIS

ASKER

Not exactly.  I want to be able to connect a PC somehow to the ASA and access the internet.  The ASA is not live on my network all machine are routed out via a core switch to another gateway.  Just trying to test internet connectivity before we go live. -But I seem to be able to ping sites like nytimes, nypost and others that allow pinging.
ASKER CERTIFIED SOLUTION
Avatar of netcmh
netcmh
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of WellingtonIS
WellingtonIS

ASKER

yes I was hoping there was an easier way. thanks so much for all your help.  I'll get that going.
Avatar of WellingtonIS
WellingtonIS

ASKER

thanks for the help
Avatar of netcmh
netcmh
Flag of United States of America image
Glad you got it. Thanks for the grade. Good luck.