11-22-2007 12:40 PM - edited 03-11-2019 04:34 AM
Hi friend, I'm facing one problem here. I configured 2 VLANs here and also configured a default route pointing to the outside interface, but I'm not able to ping the outside interface from the inside interface, and no one is able to get internet from inside. All the ACLs are working fine. Please help me.
11-22-2007 03:16 PM
Can you post the ASA config, with public IP info stripped? Basically, check for the following statements; these should get outbound access.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
If there are still problems, post the config.
HTH
Jorge
11-23-2007 04:22 AM
Hi Jorge,
First of all, thanks for the support.
Here is the other ACL config with NAT:
access-list acl_inside permit tcp host 192.168.1.176 any eq smtp
access-list acl_inside permit tcp host I-Test any eq 8080
access-list acl_inside permit tcp host I-Test any eq www
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp any host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X
access-list acl_inside deny ip any host 65.214.39.152
access-list acl_inside permit udp any any eq isakmp
access-list acl_inside permit udp any any eq 4500
access-list acl_inside permit esp any any
access-list acl_inside permit ip 192.168.1.0 255.255.255.0 any
access-list acl_inside permit tcp any any eq www
access-list acl_inside permit tcp any any eq 8080
access-list acl_outside permit tcp any any eq smtp
access-list acl_outside permit icmp any any echo-reply
access-list acl_outside permit icmp any any time-exceeded
access-list acl_outside permit tcp any any eq https
access-list acl_outside permit udp any eq isakmp any
access-list acl_outside permit udp any eq 4500 any
access-list acl_outside permit esp any any
access-list acl_outside permit tcp X.X.X.X 255.255.255.0 interface outside
access-list acl_outside permit tcp X.X.X.X 255.255.255.0 interface outside eq https
access-list acl_outside deny tcp any host X.X.X.X
access-list acl_outside deny tcp any host X.X.X.X eq www
access-list acl_outside deny ip any host X.X.X.X
access-list acl_outside permit tcp any any eq www
access-list acl_outside permit tcp any host AK eq www
access-list acl_outside permit tcp any host AK eq 8080
access-list acl_outside permit tcp any any eq 8080
access-list acl_outside permit tcp any host AK eq 8900
access-list inside_nat0_outbound permit ip object-group A-NET object-group OS-AK-Servers
access-list inside_nat0_outbound permit ip any 192.168.1.40 255.255.255.248
access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 192.168.1.40 255.255.255.248
access-list outside_cryptomap_100 permit ip object-group A-Nets object-group OS-AK-Servers
access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center
access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center
access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center
access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center
access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center
access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center
access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.40 255.255.255.248
access-list outside_cryptomap_dyn_40 permit ip any 192.168.1.40 255.255.255.248
11-23-2007 04:24 AM
global (outside) 10 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
access-group acl_outside in interface outside
access-group acl_inside in interface inside
route outside 0.0.0.0 0.0.0.0
This is the remaining configuration.
Please go through this and let me know what the possible cause is.
11-23-2007 07:07 PM
Akhileshm, are you all set with getting outbound traffic?
Jorge
11-23-2007 08:19 PM
Sorry Jorge, I didn't get you... but till now I'm not able to get outside traffic. I removed all the ACL bindings from the interfaces but the problem is still there.
11-24-2007 02:44 AM
I meant to ask whether your issue was resolved. Can you re-attach a fresh complete config, and as usual strip out public IPs? Do it this way: load HyperTerminal from a PC and either console to the ASA or telnet to the switch, issue show run and capture the text, save it as a Notepad text file and post it as an attachment.
Rgds
Jorge
11-23-2007 12:03 AM
Hi,
You modify your config:
First give the IP address to the outside interface and then give the default route for the outside interface pointing to the default gateway, meaning
route outside 0 0 A.B.C.D where A.B.C.D is the default gateway.
And also apply a NAT rule for internet access, like:
nat (inside) 1 0 0
global (outside) 1 interface
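
As an added example (not written by any poster in this thread), a small Python check for the two things the replies above ask about in the pre-8.3 PIX/ASA syntax used here: every `nat` ID other than 0 needs a `global` with the same ID, and the default route needs a next-hop gateway. The function name `check_outbound` and both sample configs are constructed for illustration.

```python
# Constructed sample modelled on the lines posted in the thread (public IPs stripped).
POSTED = """\
global (outside) 10 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0
"""

# Constructed sample: NAT id 10 paired with global id 1; 203.0.113.1 is a documentation address.
MISMATCH = """\
global(outside) 1 interface
nat (inside) 10 0 0
route outside 0 0 203.0.113.1
"""

ANY = ("0", "0.0.0.0")  # both spellings of "any network / any mask"


def check_outbound(config):
    """Return a list of findings that would break outbound PAT."""
    nat_ids, global_ids, default_routes = {}, set(), []
    for line in config.splitlines():
        # Tolerate "global(outside)" written without a space.
        tok = line.replace("(", " ").replace(")", " ").split()
        if len(tok) >= 3 and tok[0] == "nat" and tok[2].isdigit():
            nat_ids.setdefault(int(tok[2]), tok[1])
        elif len(tok) >= 3 and tok[0] == "global" and tok[2].isdigit():
            global_ids.add(int(tok[2]))
        elif len(tok) >= 4 and tok[0] == "route" and tok[2] in ANY and tok[3] in ANY:
            default_routes.append(tok)

    findings = []
    for nat_id, ifname in sorted(nat_ids.items()):
        # nat 0 is NAT exemption and needs no matching global.
        if nat_id != 0 and nat_id not in global_ids:
            findings.append(f"nat ({ifname}) {nat_id} has no global with the same id")
    if not default_routes:
        findings.append("no default route configured")
    for tok in default_routes:
        if len(tok) < 5:  # "route <if> 0 0" with nothing after it
            findings.append(f"default route on {tok[1]} has no next-hop gateway")
    return findings


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("mismatch", MISMATCH)):
        print(name, check_outbound(cfg) or "ok")
```

On the posted excerpt the missing gateway may simply have been stripped along with the public addresses, so treat that finding as a prompt to check the running config.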