
ASA 5510 Unable to Connect to the Internet via PAT

jethrowaya
Level 1

Hi,

I have the following config.

ISProuter---ASA---3750-------LAN users

All LAN users use VLAN 10 (10.10.20.50) as their default gateway. Int g1/1 on the 3750 is in Layer 3 and has IP address 10.10.18.5. Its 0.0.0.0 route points to the ASA internal interface 10.10.18.2.

Users are able to ping the ASA internal 10.10.18.2. They cannot connect to the internet. Please help. Attached is my config.

name 10.10.20.55 Router3750
dns-guard
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address 151.2XX.2XX.246 255.255.255.240
!
interface Ethernet0/1
 nameif Roxcomp-Corporate
 security-level 100
 ip address 10.10.18.2 255.255.255.240
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
same-security-traffic permit intra-interface
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.20.0 255.255.252.0 10.10.100.0 255.255.255.0
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.100.0 255.255.255.0 10.10.20.0 255.255.252.0
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.18.0 255.255.255.240 10.10.100.0 255.255.255.0
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.100.0 255.255.255.0 10.10.18.0 255.255.255.240
access-list Roxcomp_splitTunnelAcl standard permit 10.10.16.0 255.255.248.0
access-list nonat remark NO NAT applied for VPN Client return traffic
access-list nonat extended permit ip any 10.10.100.0 255.255.255.0
access-list Roxcomp-Corporate_access_in extended permit ip any any
access-list Roxcomp-Corporate_access_in extended permit ip object-group ROXNETWORKS any
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu Outside 1500
mtu Roxcomp-Corporate 1500
ip local pool Testpool 10.10.100.50-10.10.100.55 mask 255.255.255.0
ip verify reverse-path interface Outside
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (management) 0 0.0.0.0 0.0.0.0
nat (Roxcomp-Corporate) 0 access-list nonat
nat (Roxcomp-Corporate) 0 10.10.18.0 255.255.255.240
nat (Roxcomp-Corporate) 0 10.10.20.0 255.255.252.0
static (Roxcomp-Corporate,Outside) 151.203.206.248 Router3750 netmask 255.255.255.255
access-group Roxcomp-Corporate_access_in in interface Roxcomp-Corporate
route Outside 0.0.0.0 0.0.0.0 151.2XX.2XX.2XX 1
route Roxcomp-Corporate 10.10.20.0 255.255.252.0 10.10.18.5 1
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 Outside
ssh 0.0.0.0 0.0.0.0 management
ssh 0.0.0.0 0.0.0.0 Outside
ssh timeout 30
console timeout 30
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
service-policy global_policy global
Cryptochecksum:xxx
: end
ROXFW2#

2 Replies

a.alekseev
Level 7

no nat (Roxcomp-Corporate) 0 10.10.18.0 255.255.255.240
no nat (Roxcomp-Corporate) 0 10.10.20.0 255.255.252.0
nat (Roxcomp-Corporate) 10 10.10.18.0 255.255.255.240
nat (Roxcomp-Corporate) 10 10.10.20.0 255.255.252.0

jens.becker
Level 1

All nat statements have the nat-id 0 (0 stands for identity NAT). There is no nat entry for your global 10 statement.

Try:

nat (Roxcomp-Corporate) 10 LAN-User-VLAN
global (Outside) 10 interface
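
Added example (not part of either reply and not Cisco tooling): a small Python check of the point both replies make, that in the nat/global syntax used in this thread a global pool is only used by nat statements with the same ID, and that ID 0 leaves source addresses untranslated. The function name audit_nat, the finding codes and the two sample strings are constructed for illustration; pairing is by ID only, and the egress interface is not checked.

```python
import re
from collections import defaultdict

# Constructed input: the nat/global lines from the question's configuration.
BEFORE = """\
global (Outside) 10 interface
nat (management) 0 0.0.0.0 0.0.0.0
nat (Roxcomp-Corporate) 0 access-list nonat
nat (Roxcomp-Corporate) 0 10.10.18.0 255.255.255.240
nat (Roxcomp-Corporate) 0 10.10.20.0 255.255.252.0
"""
# Constructed input: the same lines after the change in the first reply.
AFTER = """\
global (Outside) 10 interface
nat (management) 0 0.0.0.0 0.0.0.0
nat (Roxcomp-Corporate) 0 access-list nonat
nat (Roxcomp-Corporate) 10 10.10.18.0 255.255.255.240
nat (Roxcomp-Corporate) 10 10.10.20.0 255.255.252.0
"""

STMT = re.compile(r"^\s*(nat|global) \((\S+)\) (\d+) (.+?)\s*$")

def audit_nat(config):
    """Return (code, interface, nat_id, argument) findings, pairing nat and global by ID."""
    seen = {"nat": defaultdict(list), "global": defaultdict(list)}
    for line in config.splitlines():
        m = STMT.match(line)
        if m:  # "no nat ...", static and every other command are ignored
            kind, ifc, nat_id, arg = m.groups()
            seen[kind][int(nat_id)].append((ifc, arg))
    findings = []
    for nat_id, entries in sorted(seen["global"].items()):
        if nat_id not in seen["nat"]:  # pool that nothing is translated into
            findings += [("GLOBAL_UNUSED", ifc, nat_id, arg) for ifc, arg in entries]
    for nat_id, entries in sorted(seen["nat"].items()):
        if nat_id == 0:  # identity NAT / NAT exemption: source address leaves unchanged
            findings += [("UNTRANSLATED", ifc, nat_id, arg) for ifc, arg in entries]
        elif nat_id not in seen["global"]:  # nat rule with no pool to translate into
            findings += [("NAT_NO_GLOBAL", ifc, nat_id, arg) for ifc, arg in entries]
    return findings

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for finding in audit_nat(cfg):
            print("  ", *finding)
```

On the original lines this reports the unused global 10 pool and four untranslated nat 0 entries; after the first reply's change only the management and nonat entries remain at ID 0.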
