asked on
ASA not passing traffice from inside interface to outside
I can't get traffic from devices on the inside interface out of this ASA and on to the Internet. The outside interface is on the Internet. From the ASA console I can successfully ping 8.8.8.8.
From a machine connected to the inside interface I can ping the inside interface but I can't ping 8.8.8.8 or anything else on the Internet. I've also tried telnet to port 80 of various websites and can't reach those either so both ICMP and IP are failing.
show access-list doesn't show any hits on the Inside_access_in ACLs.
This config started out as an 8.2(5) config and was morphed to 9.1(5) using the ADSM tool.
Thanks one and all for you help.
From a machine connected to the inside interface I can ping the inside interface but I can't ping 8.8.8.8 or anything else on the Internet. I've also tried telnet to port 80 of various websites and can't reach those either so both ICMP and IP are failing.
show access-list doesn't show any hits on the Inside_access_in ACLs.
This config started out as an 8.2(5) config and was morphed to 9.1(5) using the ADSM tool.
Thanks one and all for you help.
Cisco
Last Comment
James Hood
ASKER
Sorry, I thought I had uploaded the file with my original question. I'll do so now. Thanks.5510-04162015.txt
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi James
Thank you for the help but I think I need more. So I removed the subnet 0.0.0.0 0.0.0.0 and replaced it with subnet 172.16.160.0 255.255.255.0. Still can't ping 8.8.8.8 from the inside interface. I am able to ping 8.8.8.8 directly from the ASA so I think the default route is not the issue.
Here's the rest of the story. I am not onsite with this ASA 5510. The configuration I'm trying to setup is a remote ASA5505 that uses the EZVPN to connect to the ASA5510. All traffic from the 5505 is being tunneled to the 5510. I am testing from the inside interface of the remote 5505. My subnet on inside interface of the 5505 is 172.20.120.148/29.
I have tried both subnet 172.16.190.0 255.255.255.0 and subnet 172.20.120.48 255.255.255.248 but can't get traffic through the outside interface with either.
I am able to reach other devices on inside interface of the 5510 across the VPN tunnel.
Bill
Thank you for the help but I think I need more. So I removed the subnet 0.0.0.0 0.0.0.0 and replaced it with subnet 172.16.160.0 255.255.255.0. Still can't ping 8.8.8.8 from the inside interface. I am able to ping 8.8.8.8 directly from the ASA so I think the default route is not the issue.
Here's the rest of the story. I am not onsite with this ASA 5510. The configuration I'm trying to setup is a remote ASA5505 that uses the EZVPN to connect to the ASA5510. All traffic from the 5505 is being tunneled to the 5510. I am testing from the inside interface of the remote 5505. My subnet on inside interface of the 5505 is 172.20.120.148/29.
I have tried both subnet 172.16.190.0 255.255.255.0 and subnet 172.20.120.48 255.255.255.248 but can't get traffic through the outside interface with either.
I am able to reach other devices on inside interface of the 5510 across the VPN tunnel.
Bill
ASKER
James your solution didn't fix the problem (because I didn't give you the full details) but it did get me headed in the right direction. I added an object network for the subnet assigned to the inside interface of the 5505's and nat (outside,outside) dynamic interface and that got it working as desired.
Thank you for your help.
Thank you for your help.
Glad you git it working in the end! :)
All the best, James.
All the best, James.
Cheers.