Jabony
asked on
No internet access from LAN on ASA5512-X
I installed a Cisco ASA 5512-x from factory default. From what i am told nothing special should be required to make the LAN users browse the internet when using security levels. Or am i wrong?
What is wrong with this config?
If i use ping in ASDM i can ping fro WAN interface to external IP, but not from the LAN interface to a public IP.
Using the packet tracer to establish www connection outbound shows no errors.
Thanks in advance.
- - - - - - -
ASA Version 8.6(1)2
!
hostname ASA5512
enable password crFWG3V1wby.t0u8HC encrypted
passwd 2KasDFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
nameif WAN
security-level 0
ip address 91.X.X.XX 255.255.255.128
!
interface GigabitEthernet0/1
nameif LAN
security-level 99
ip address 10.0.0.253 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup WAN
dns domain-lookup LAN
dns server-group DefaultDNS
name-server 8.8.8.8
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network ISP_gateway
host 91.X.X.1
pager lines 24
logging asdm informational
mtu management 1500
mtu WAN 1500
mtu LAN 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route WAN 0.0.0.0 0.0.0.0 91.X.X.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-reco rd DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.0.0.0 255.255.255.0 LAN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt noproxyarp WAN
sysopt noproxyarp LAN
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
Cryptochecksum:1430eb6919f 9b626587d3 f7851236e8 5
: end
no asdm history enable
What is wrong with this config?
If i use ping in ASDM i can ping fro WAN interface to external IP, but not from the LAN interface to a public IP.
Using the packet tracer to establish www connection outbound shows no errors.
Thanks in advance.
- - - - - - -
ASA Version 8.6(1)2
!
hostname ASA5512
enable password crFWG3V1wby.t0u8HC encrypted
passwd 2KasDFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
nameif WAN
security-level 0
ip address 91.X.X.XX 255.255.255.128
!
interface GigabitEthernet0/1
nameif LAN
security-level 99
ip address 10.0.0.253 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup WAN
dns domain-lookup LAN
dns server-group DefaultDNS
name-server 8.8.8.8
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network ISP_gateway
host 91.X.X.1
pager lines 24
logging asdm informational
mtu management 1500
mtu WAN 1500
mtu LAN 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route WAN 0.0.0.0 0.0.0.0 91.X.X.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-reco
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.0.0.0 255.255.255.0 LAN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt noproxyarp WAN
sysopt noproxyarp LAN
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
Cryptochecksum:1430eb6919f
: end
no asdm history enable
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.