Users not able to get to the internet

Unanswered Question
Sep 24th, 2008

Hi there,


I have an ASA 5510 which doesnt let the users ping the outside interface or get to the internet. I thought i have configured everything fine, but seems like something is missing


I have not configured Nat or any access lists,


by default the users should be able to get to the internet once the router is given the appropriate Ip on the interfaces. right?


is there anyone who can help me out?

Thanks in Advance,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
John Blakley Wed, 09/24/2008 - 10:21

You can't ping the opposite interface on an ASA, so users on the inside won't be able to ping the outside interface of the pix. Can you post a config? if you don't have an access-list on the outside interface, generally any traffic you send out will get blocked coming back in. In an ASA/PIX, traffic from a lower security (outside) to a higher security (inside) interface is blocked...the opposite inside to outside is allowed.


If you don't need NAT in your scenario, you can disable it, but you need to have a nat (inside) 0 0.0.0.0 0.0.0.0 line in the ASA. Otherwise, you need to have:


global (outside) 1 interface (or whatever your static address is)

nat (inside) 1 0.0.0.0 0.0.0.0


The above would NAT everything to the outside IP address from the inside.


--John

rameezsaam Wed, 09/24/2008 - 18:38

Thanks for the response, i was able to get the users access the internet, and you are right it doesnt let the internal interface to ping the external int and vice versa, I have configure PAT and configured access list too, anyway i got it to work finally by changing the security level from 0 to 90 on the inside interface and security level 0 on the outside interface.


Thanks again for the reply, I appreciate it

mattjohnstonsr Wed, 09/24/2008 - 10:55

Also you can try the packet tracer utility in the ASDM that will tell you where you're hanging up at. It works great when trying to decipher complicated rule sets.

Actions

This Discussion