unable to access internet from certain ip addresses

Unanswered Question
Jun 18th, 2007
User Badges:

I recently migrated our firewall from pix 6.3 to asa 5510. After the migration only the users having ip address 10.100.0.x can connect to the internet except the others having the IP address 10.100.1.x and 10.100.2.x. Everything else works fine as before. I copied most of the config including nat and accesslist from the previous config. What could be possible causes of this problem?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Mon, 06/18/2007 - 11:52
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


If possible could you send a copy of ASA config minus any sensitive info.


srue Tue, 06/19/2007 - 05:24
User Badges:
  • Blue, 1500 points or more

check that you can ping a host in each of your subnets from the ASA.

make sure you have the correct NAT statements to allow all internal networks access to the 'net.

anandramapathy Tue, 06/19/2007 - 05:32
User Badges:
  • Bronze, 100 points or more

check the subnet mask in the NAT statement & ensure that it convers all the subnets.

The subnet from where you are browsing - It may not be under the NAT / subnet mask may be wrong.

kcarjun2002 Thu, 06/21/2007 - 20:34
User Badges:

Thanks for all the responses. I found that inside interface was setup with 24 bit netmask instead of 16 bit. After I changed the subnet mask, its working now.

anandramapathy Thu, 06/21/2007 - 20:40
User Badges:
  • Bronze, 100 points or more

I am glad we were able to help you in resolving your issue.

Please rate useful posts.


This Discussion