09-13-2008 07:06 AM - edited 03-11-2019 06:44 AM
Hi,
I just got an ASA 5520 and it will be used for our proxy server. Before putting it to production i used one of our DSL line to simulate for internet access. What supposed to work:
An inside user will access the internet thru outside interface to gain internet access
I have been trying different configs and could not figure out what is wrong. using packet tracer, a private ip 10.243.16.10, i can ping a public ip without a drop. But when i plug the PC, i couldn't get any internet access
I attached the configuration for reference.
09-13-2008 07:53 AM
Try
nat ( inside) 1 0 0
your current inside nat is not PATed via global interface.
Rgds
Jorge
09-13-2008 07:27 PM
You are not doing any type of NATing. Your NAT 0 statement is your problem. The 10.x.x.x range in not routable over the Internet. Remove the NAT 0 statement and this will work as you already have the GLOBAL statement programmed.
09-14-2008 02:08 AM
hi Eduard
i just wanna add to the nice comments from Jorge and Robert
both of thier notice are right 100%
but u need to do both of them
becasue if u do only nat (inside) 1 0 0
this will not work becasue nat 0 will be prosessed first and will exmpmt ur inside network from get nated
and if u only remove the nat 0 u wil not get nated because u need a nat in isde command
then u need to do both:
no nat (inside) 0 10.0.0.0 255.0.0.0
then
nat (inside) 1 0 0
and do
clear xlate
or reload ur firewall to get ur new nat applied
good luck
if helpful Rate
09-14-2008 03:53 AM
Hi guys,
I tried them both but i still get the same result of not internet from the PC. I have cleared xlate and reboot the asa. I changed the setting on IE by checking automatic detect settings, un-checking automatic detect settings and even used the IP of the interface as proxy.
I tested the DSL and i can get internet.
thanks
09-14-2008 03:57 AM
first u dont ned to make any changes to the IE leavt to the default ASA no proxy device
and make sure u have the default gateway on the pc as the inside ASA IP address
when u try to open the internet from the pc
do the following show commnads to see if that conection is going thourgh the asa nd the nat is working
show conn
show xlate
good luck
09-16-2008 03:04 AM
hi, it still didn't :( work....
show conn
1 in use, 6 most use
show xlate
0 in use, 1 most used
09-16-2008 06:39 AM
Can you post updated config . Question, what are you using for DNS on your systems .
also if you could confirm , from ASA can you ping ASA default route IP your next hop router..
Rgds
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide