S B

Why can't I connect to the Internet from inside the Cisco 5520 Firewall?

Problem:
No one inside the office has internet access.

I'm working with a Cisco 1900 series router, Cisco 5520 ASA (firewall) and Dell Powerconnect 6224 switches.

Service has been confirmed up to the router. The line out of the router goes into the Cisco 5520 ASA (firewall). The line out of the firewall goes into one of the Powerconnect switches, which are stacked (configured as master/slave (unit 1 & 2)).

I can ping and connect to the switch from the Domain Controller but when I ping the Cisco 5520 (firewall) the reply I get is "Destination Host is Unreachable".  I get the same reply from workstations.

When the problem began one of the PC 6224 switches would not come on so the cables plugged into it were moved to the other switch.  Shortly after the switch that wasn't working came back on.  The cables were then randomly moved back into the switch.  I'm not sure if certain cables were designated for certain ports.

How can I get things working again?

Any help would be greatly appreciated.

Thanks in advance
John

1. Make sure DNS has been properly set up.
2. Connect one computer directly to the modem (outside internet) and make sure that computer can get unimpeded Internet access via the modem.

Then we can proceed from there.
Predrag Jovic

"The cables were then randomly moved back into the switch. I'm not sure if certain cables were designated for certain ports."
This sounds like something from Douglas Adams' Dirk Gently's "The Long Dark Tea-Time of the Soul" Zen navigation method.
"... A few turnings later and I was thoroughly lost. There is a school of thought which says that you should consult a map on these occasions, but to such people I merely say, 'Ha! What if you have no map to consult? What if you have a map but it's of the Dordogne?' My own strategy is to find a car, or the nearest equivalent, which looks as if it knows where it is going and follow it. I rarely end up where I was intending to go, but often I end up somewhere that I needed to be. So what do you say to that?"
You'll have to clean up the cable mess that was created or reconfigure the switch properly, since it rarely gives good results when applied to networking.
Think logically!

Get on the firewall: can it ping 8.8.8.8 (so we know the Internet is up)?
Log onto the switches: can they ping the inside interface of the ASA? (If not, then trace the wire from the inside interface (ASA) to the switch, and make sure it's connected and in the correct VLAN.)
Once you can do that, can the switch ping 8.8.8.8? If not, check the traffic is allowed, NAT is set up correctly, and ICMP inspection is enabled in the firewall.
Can a client then ping 8.8.8.8? If so and there's no Internet, can they resolve DNS using nslookup?
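
The firewall-side checks named in the answer above (NAT set up, ICMP inspection enabled), plus a check that the inside interface is not shut down, can be run against a saved ASA running-config. This is an added example, not part of the original thread: the sample config is constructed, assumes ASA 8.3+ NAT syntax, and the function names are hypothetical.

```python
import re

# Constructed sample (ASA 8.3+ syntax assumed; addresses are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 shutdown
 nameif inside
 ip address 192.168.1.1 255.255.255.0
!
object network obj_any
 subnet 0.0.0.0 0.0.0.0
 nat (inside,outside) dynamic interface
!
policy-map global_policy
 class inspection_default
  inspect ftp
!
service-policy global_policy global
"""

def sections(config):
    """Group indented lines under the top-level line that opens them."""
    blocks, current = [], None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] != " ":
            current = [line.strip()]
            blocks.append(current)
        elif current is not None:
            current.append(line.strip())
    return blocks

def audit(config):
    """Hypothetical helper: list firewall-side problems found in the config."""
    blocks, findings = sections(config), []
    inside = [b for b in blocks if b[0].startswith("interface ") and "nameif inside" in b]
    if not inside:
        findings.append("no interface is named 'inside'")
    elif "shutdown" in inside[0]:
        findings.append("inside interface is shutdown")
    if not any(re.match(r"nat \(inside,outside\)", l) for b in blocks for l in b):
        findings.append("no NAT rule from inside to outside")
    policies = [b for b in blocks if b[0].startswith("policy-map ")]
    if not any("inspect icmp" in b for b in policies):
        findings.append("ICMP inspection is not enabled")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

ICMP inspection is not part of the ASA's default inspection policy, so a config that has never had `inspect icmp` added will be flagged here even when NAT and the interfaces are fine.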
S B

ASKER

Thanks John and Peter, your suggestions were very helpful.