08-06-2007 07:04 AM - edited 03-09-2019 06:32 PM
Hi Guys,
I have an ASA5520 with a /24 public network on the internal interface and /28 public network on the outside interface.
You guys kindly helped me with a routing problem last week - I am almost there but now have this problem:
My test PC on the inside network (customer) cannot browse the internet via http. I can ping and resolve via DNS.
I have opened up the ASA completely so that any traffic of any type is allowed both ways - but still I cannot browse!
Any ideas?
Here is the running-conf:
: Saved
:
ASA Version 7.0(6)
!
hostname cr01-sh
domain-name briars.net
enable password xxx
names
name 213.x.x.2 Aurix01-s01
name 90.x.x.56 Niall_Home
name 213.x.x.3 Test01 description Delete This Once working
dns-guard
!
interface GigabitEthernet0/0
 nameif WAN
 security-level 0
 ip address 217.x.x.34 255.255.255.240
!
interface GigabitEthernet0/1
 nameif Customer
 security-level 10
 ip address 213.x.x.254 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
!
passwd xxx
ftp mode passive
access-list WAN_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu WAN 1500
mtu Customer 1500
mtu management 1500
no failover
monitor-interface WAN
monitor-interface Customer
monitor-interface management
icmp permit any WAN
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
static (Customer,WAN) Test01 Test01 netmask 255.255.255.255
access-group WAN_access_in in interface WAN
route WAN 0.0.0.0 0.0.0.0 217.x.x.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 WAN
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
Cryptochecksum:xxx
: end
08-06-2007 10:05 AM
I believe you'll need to add these statements in order to browse (or make any connection for that matter) from the Inside to the Outside network.
global (Outside) 1 interface
nat (Inside) 1 a.b.c.d n.n.n.n
Where a.b.c.d n.n.n.n is the network and subnet of the Inside network that you want to allow to make connections out via the Outside interface.
08-06-2007 12:35 PM
Hi, Thanks for your reply.
I can connect via other ports, i.e. DNS, ping, SMTP etc. - but web pages will not load.
Also, I can see the TCP 80 connection building in the syslog and then teardown almost immediately.
Also, as I am connecting from another public network behind the firewall, I don't want to use NAT as, ultimately, the network will be used for hosting servers.
The problem just seems to be http!
Thanks again for your response.
Niall.
08-06-2007 12:42 PM
Your other issue was solved by the ISP, right? Did you still have to add this to get it to work?
static (Customer,WAN) Test01 Test01 netmask 255.255.255.255
Or does it (everything but HTTP) also work without that?
08-06-2007 12:46 PM
Hi Acomiskey,
Yup - turns out it was the ISP at fault. Yes, I didn't need the added line to get access - although everything bar web is working!
Thanks,
Niall.