access internet from inside to outside ASA 5520

Unanswered Question
Sep 13th, 2008

Hi,

I just got an ASA 5520 and it will be used for our proxy server. Before putting it to production i used one of our DSL line to simulate for internet access. What supposed to work:

An inside user will access the internet thru outside interface to gain internet access

I have been trying different configs and could not figure out what is wrong. using packet tracer, a private ip 10.243.16.10, i can ping a public ip without a drop. But when i plug the PC, i couldn't get any internet access

I attached the configuration for reference.

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Sat, 09/13/2008 - 07:53

Try

nat ( inside) 1 0 0

your current inside nat is not PATed via global interface.

Rgds

Jorge

skine75 Sat, 09/13/2008 - 19:27

You are not doing any type of NATing. Your NAT 0 statement is your problem. The 10.x.x.x range in not routable over the Internet. Remove the NAT 0 statement and this will work as you already have the GLOBAL statement programmed.

Marwan ALshawi Sun, 09/14/2008 - 02:08

hi Eduard

i just wanna add to the nice comments from Jorge and Robert

both of thier notice are right 100%

but u need to do both of them

becasue if u do only nat (inside) 1 0 0

this will not work becasue nat 0 will be prosessed first and will exmpmt ur inside network from get nated

and if u only remove the nat 0 u wil not get nated because u need a nat in isde command

then u need to do both:

no nat (inside) 0 10.0.0.0 255.0.0.0

then

nat (inside) 1 0 0

and do

clear xlate

or reload ur firewall to get ur new nat applied

good luck

if helpful Rate

edongskiu Sun, 09/14/2008 - 03:53

Hi guys,

I tried them both but i still get the same result of not internet from the PC. I have cleared xlate and reboot the asa. I changed the setting on IE by checking automatic detect settings, un-checking automatic detect settings and even used the IP of the interface as proxy.

I tested the DSL and i can get internet.

thanks

Marwan ALshawi Sun, 09/14/2008 - 03:57

first u dont ned to make any changes to the IE leavt to the default ASA no proxy device

and make sure u have the default gateway on the pc as the inside ASA IP address

when u try to open the internet from the pc

do the following show commnads to see if that conection is going thourgh the asa nd the nat is working

show conn

show xlate

good luck

edongskiu Tue, 09/16/2008 - 03:04

hi, it still didn't :( work....

show conn

1 in use, 6 most use

show xlate

0 in use, 1 most used

JORGE RODRIGUEZ Tue, 09/16/2008 - 06:39

Can you post updated config . Question, what are you using for DNS on your systems .

also if you could confirm , from ASA can you ping ASA default route IP your next hop router..

Rgds

Jorge

Actions

This Discussion