access internet from inside to outside ASA 5520

Unanswered Question
Sep 13th, 2008
User Badges:

Hi,

I just got an ASA 5520 and it will be used for our proxy server. Before putting it to production i used one of our DSL line to simulate for internet access. What supposed to work:

An inside user will access the internet thru outside interface to gain internet access


I have been trying different configs and could not figure out what is wrong. using packet tracer, a private ip 10.243.16.10, i can ping a public ip without a drop. But when i plug the PC, i couldn't get any internet access


I attached the configuration for reference.



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Sat, 09/13/2008 - 07:53
User Badges:
  • Green, 3000 points or more

Try


nat ( inside) 1 0 0



your current inside nat is not PATed via global interface.


Rgds

Jorge



skine75 Sat, 09/13/2008 - 19:27
User Badges:

You are not doing any type of NATing. Your NAT 0 statement is your problem. The 10.x.x.x range in not routable over the Internet. Remove the NAT 0 statement and this will work as you already have the GLOBAL statement programmed.

Marwan ALshawi Sun, 09/14/2008 - 02:08
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

hi Eduard


i just wanna add to the nice comments from Jorge and Robert

both of thier notice are right 100%

but u need to do both of them

becasue if u do only nat (inside) 1 0 0

this will not work becasue nat 0 will be prosessed first and will exmpmt ur inside network from get nated

and if u only remove the nat 0 u wil not get nated because u need a nat in isde command

then u need to do both:


no nat (inside) 0 10.0.0.0 255.0.0.0

then

nat (inside) 1 0 0


and do

clear xlate

or reload ur firewall to get ur new nat applied


good luck


if helpful Rate

edongskiu Sun, 09/14/2008 - 03:53
User Badges:

Hi guys,


I tried them both but i still get the same result of not internet from the PC. I have cleared xlate and reboot the asa. I changed the setting on IE by checking automatic detect settings, un-checking automatic detect settings and even used the IP of the interface as proxy.


I tested the DSL and i can get internet.


thanks

Marwan ALshawi Sun, 09/14/2008 - 03:57
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

first u dont ned to make any changes to the IE leavt to the default ASA no proxy device

and make sure u have the default gateway on the pc as the inside ASA IP address


when u try to open the internet from the pc


do the following show commnads to see if that conection is going thourgh the asa nd the nat is working


show conn

show xlate


good luck

edongskiu Tue, 09/16/2008 - 03:04
User Badges:

hi, it still didn't :( work....


show conn

1 in use, 6 most use


show xlate

0 in use, 1 most used



JORGE RODRIGUEZ Tue, 09/16/2008 - 06:39
User Badges:
  • Green, 3000 points or more

Can you post updated config . Question, what are you using for DNS on your systems .


also if you could confirm , from ASA can you ping ASA default route IP your next hop router..


Rgds

Jorge



Actions

This Discussion