07-23-2008 10:15 PM - edited 03-11-2019 06:19 AM
Hi,
I have the following config.
ISProuter---ASA---3750-------LAN users
All LAN users use VLAN 10 (10.10.20.50) as their default gateway. Int g1/1 on the 3750 is in Layer 3 and has IP address 10.10.18.5. Its 0.0.0.0 route points to the ASA internal interface 10.10.18.2.
Users are able to ping the ASA internal 10.10.18.2. They cannot connect to the internet. Please help. Attached is my config.
name 10.10.20.55 Router3750
dns-guard
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address 151.2XX.2XX.246 255.255.255.240
!
interface Ethernet0/1
nameif Roxcomp-Corporate
security-level 100
ip address 10.10.18.2 255.255.255.240
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
same-security-traffic permit intra-interface
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.20.0 255.255.252.0 10.10.100.0 255.255.255.0
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.100.0 255.255.255.0 10.10.20.0 255.255.252.0
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.18.0 255.255.255.240 10.10.100.0 255.255.255.0
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.100.0 255.255.255.0 10.10.18.0 255.255.255.240
access-list Roxcomp_splitTunnelAcl standard permit 10.10.16.0 255.255.248.0
access-list nonat remark NO NAT applied for VPN Client return traffic
access-list nonat extended permit ip any 10.10.100.0 255.255.255.0
access-list Roxcomp-Corporate_access_in extended permit ip any any
access-list Roxcomp-Corporate_access_in extended permit ip object-group ROXNETWORKS any
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu Outside 1500
mtu Roxcomp-Corporate 1500
ip local pool Testpool 10.10.100.50-10.10.100.55 mask 255.255.255.0
ip verify reverse-path interface Outside
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (management) 0 0.0.0.0 0.0.0.0
nat (Roxcomp-Corporate) 0 access-list nonat
nat (Roxcomp-Corporate) 0 10.10.18.0 255.255.255.240
nat (Roxcomp-Corporate) 0 10.10.20.0 255.255.252.0
static (Roxcomp-Corporate,Outside) 151.203.206.248 Router3750 netmask 255.255.255.255
access-group Roxcomp-Corporate_access_in in interface Roxcomp-Corporate
route Outside 0.0.0.0 0.0.0.0 151.2XX.2XX.2XX 1
route Roxcomp-Corporate 10.10.20.0 255.255.252.0 10.10.18.5 1
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 Outside
ssh 0.0.0.0 0.0.0.0 management
ssh 0.0.0.0 0.0.0.0 Outside
ssh timeout 30
console timeout 30
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
service-policy global_policy global
Cryptochecksum:xxx
: end
ROXFW2#
07-23-2008 10:31 PM
no nat (Roxcomp-Corporate) 0 10.10.18.0 255.255.255.240
no nat (Roxcomp-Corporate) 0 10.10.20.0 255.255.252.0
nat (Roxcomp-Corporate) 10 10.10.18.0 255.255.255.240
nat (Roxcomp-Corporate) 10 10.10.20.0 255.255.252.0
07-23-2008 10:32 PM
All nat statements have the nat-id 0 (0 stands for identity nat). There is no nat entry for your global 10 statement.
Try:
nat (Roxcomp-Corporate) 10 LAN-User-VLAN
global (Outside) 10 interface
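
The nat-id pairing described in the replies can be checked mechanically before a config is deployed. The script below is an added example, not part of the original thread or any Cisco tool; the function names are hypothetical, the sample is constructed from the NAT lines posted above, and it assumes the pre-8.3 `nat`/`global` syntax and matches by nat-id only.

```python
import re

# Constructed sample: the NAT-related lines from the configuration posted above.
SAMPLE_CONFIG = """\
global (Outside) 10 interface
nat (management) 0 0.0.0.0 0.0.0.0
nat (Roxcomp-Corporate) 0 access-list nonat
nat (Roxcomp-Corporate) 0 10.10.18.0 255.255.255.240
nat (Roxcomp-Corporate) 0 10.10.20.0 255.255.252.0
"""

# The change from the first reply: move the two inside networks from id 0 to id 10.
FIXED_CONFIG = SAMPLE_CONFIG.replace(") 0 10.10.", ") 10 10.10.")

RULE = re.compile(r"^(nat|global) \((\S+?)\) (\d+) (.+)$")

def parse_rules(config):
    """Return (nat_rules, global_rules) as lists of (interface, nat_id, rest)."""
    nats, globals_ = [], []
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if m:
            kind, ifc, nat_id, rest = m.groups()
            (nats if kind == "nat" else globals_).append((ifc, int(nat_id), rest))
    return nats, globals_

def audit_nat_ids(config):
    """List findings where nat and global statements cannot pair up by nat-id."""
    nats, globals_ = parse_rules(config)
    nat_ids = {i for _, i, _ in nats if i != 0}  # id 0 never draws from a global pool
    global_ids = {i for _, i, _ in globals_}
    findings = []
    for ifc, i, _ in globals_:
        if i not in nat_ids:
            findings.append(f"global ({ifc}) {i}: no nat statement with id {i}")
    for ifc, i, rest in nats:
        if i != 0 and i not in global_ids:
            findings.append(f"nat ({ifc}) {i} {rest}: no global statement with id {i}")
        elif i == 0 and not rest.startswith("access-list"):
            findings.append(f"nat ({ifc}) 0 {rest}: identity NAT, source is not translated")
    return findings

if __name__ == "__main__":
    for finding in audit_nat_ids(SAMPLE_CONFIG):
        print(finding)
```

On the posted config this reports the unmatched `global (Outside) 10` and the identity-NAT lines; after the change only the management identity-NAT line remains.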