Getting Started Need Some Help

Unanswered Question
Jul 15th, 2008
User Badges:

We have purchased a 5510 to use with our commerical network. We want to allow the inside Internet access through the outside but with no luck so far (None of us are experienced enough with cisco firewalls). The inside is connected to a cisco 500 switch and the outside is connected to the ISP cable modem. Any help will be greatly appreciate.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
dhananjoy chowdhury Tue, 07/15/2008 - 18:58
User Badges:
  • Silver, 250 points or more


Check whether you are able to ping the Internet router IP from the FW.

Also try to access Internet from the Inside LAn and check whether NAT is happening on the FW, with the command "show xlate"

lscadmins Wed, 07/16/2008 - 06:43
User Badges:


I am able to ping the ISP gateway from the firewall. When I tried to browse and execute the show xlate command, I get 0 in use, 3 must used

a.alekseev Tue, 07/15/2008 - 22:44
User Badges:
  • Gold, 750 points or more

try to do the following

no route Outside x.x.42.1 1

interface Ethernet0/0


no sh

and after one minute show the output

sh route

you should see a default gateway assigned by ISP.

try to ping it.

lscadmins Wed, 07/16/2008 - 07:20
User Badges:

I am able to ping the gateway of the ISP but still no luck getting out.

a.alekseev Wed, 07/16/2008 - 07:35
User Badges:
  • Gold, 750 points or more

conf t

logg on

logg mon 7

term mon

deb icmp trace

try to ping from inside to outside

show collected logs

lscadmins Wed, 07/16/2008 - 08:55
User Badges:

When I ping from inside to outside, I do not see anything in the asdm live log. I do see logs when I ping inside to inside or outside to outside

JORGE RODRIGUEZ Wed, 07/16/2008 - 12:05
User Badges:
  • Green, 3000 points or more

your outside interface:

interface Ethernet0/0

ip address dhcp setroute

do agree with Aleksey , did you remove route outside 0 0 x.x.42.1 1 1?,when interface is configured as dhcp setroute asa outside interface will get IP from ISP as well as get a default route injected into ASA, do not need that statement as default route is provided dynamically.

when you remove the above make sure you are getting a default route,issue show route | inc and verify you have a gateway of last resort, then try pinging by using IP address from inside to outside like this ip

What type of dns are you using,are inside clients using internal DNS?, or are you using dns given by ISP dynamically, if it is provided dynamically you may need to add in global config mode dhcpd auto_config outside but if using internal dns then this does not applies but please check.

When I ping from inside to outside, I do not see anything in the asdm live log

nside hosts are not geting nated.

Make sure :

Inside client you are testing from is using correct default gateway of if your inside client is under Ip scheme, check tcpip settings correct mask, dns info


If all of above check to be fine and still no joy replace these two statements.


no global (Outside) 10 interface

no nat (Inside) 10

replace with

global (Outside) 1 interface

nat (Inside) 1

let us know how it works out.



lscadmins Mon, 07/21/2008 - 08:13
User Badges:

I am finally able to ping the outside from a inside system, but I cannot get a inside system to browse the Internet. I also cannot ping the outside interface address. Not sure this is normal. The inside systems will use an internal DNS, once the server has been properly set. I have been working the Internet access first.


This Discussion