Cisco ASA 5505, route outside

Unanswered Question
Jun 16th, 2009
User Badges:

Hi, I have a new Cisco ASA 5505 that I can't get internet access on. I set it up using the Startup Wizard. I have my outside interface an address of 69.3.19.242, the T1 provider gave me a router that they have setup with an address of 69.3.19.241, but I can't get to the internet. I can get to the internet if I use my laptop on the Fast Ethernet port on the router, using DHCP on the laptop.


Do I need to set a route outside? I did try this


route outside 0.0.0.0 0.0.0.0 69.3.19.241 0 (this didn't work either)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
thotsaphon Tue, 06/16/2009 - 06:32
User Badges:
  • Gold, 750 points or more

Mike,

Yes, You need a "route outside" command. It will not work unless you configure NAT on ASA. You may try to use wizard or CLI for NAT.


Toshi

mikejgalovich Tue, 06/16/2009 - 06:45
User Badges:

I tried this route:

route outside 0.0.0.0 0.0.0.0 69.3.19.241 0


Didn't work

thotsaphon Tue, 06/16/2009 - 06:48
User Badges:
  • Gold, 750 points or more

Mike,

Please add the following commands.


global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0



HTH,

Toshi

mikejgalovich Tue, 06/16/2009 - 06:54
User Badges:

Hey, that might just work. I'll try it when I get back to my office.


Thanks!

mikejgalovich Tue, 06/16/2009 - 14:25
User Badges:

I tried those commands and it came back saying it already exists.


Attached is the current config of my Cisco ASA 5505. my usable IP's are 69.3.19.242-246. The WAN IP on the router they provided me is 69.3.19.241. So I though I would make the outside interface (ether0/0) 69.3.19.242.


If anyone can tell me what I'm doing wrong, I would appreciate it.



doraemonheng Tue, 06/16/2009 - 18:20
User Badges:

Hi Mike,


Your interface ip address should configure like this ip address 69.3.19.242 255.255.255.248 instead. As you mentioned the range is from .241 to 246.


Please also try to configure the default route as

route outside 0.0.0.0 0.0.0.0 69.3.19.241 1


Thanks & Regards,


mikejgalovich Tue, 06/16/2009 - 19:37
User Badges:

I have my outside interface set to 69.3.19.242, the router the ISP sent me is set to 69.3.19.241. I can ping the router address of .241 from my Cisco 5505, but clients inside the office can't reach the internet. Makes me believe there is a NAT'ing or route problem.


I'll try "route outside 0.0.0.0 0.0.0.0 69.3.19.241 1 ", because I think I used route outside 0.0.0.0 0.0.0.0 69.3.19.241 0, before (0, instead of a 1 at the end of the command)



mikejgalovich Wed, 06/17/2009 - 04:22
User Badges:

Hi, I tried route outside 0.0.0.0 0.0.0.0 69.3.19.241 1 , that didn't work either.

mikejgalovich Wed, 06/17/2009 - 05:48
User Badges:

I ended up setting the outside interface to DHCP, then set a route to the DHCP address it was given and that worked.


?????


Not sure why it didn't let me just assign the static address and route

Andrew Zizzo Wed, 04/04/2012 - 13:40
User Badges:

Two and a half years later I have the same issue. Internal hosts cannot  reach the internet by simply configuring the ASDM wizard (as is claimed  in Cisco material) when using a static IP for the internet-facing  interface, even after later entering a static route out. Configuring the  outside interface to obtain its IP via DHCP during the ASDM Wizard  configures internet access for the inside hosts fine. With the static IP  configuration I'm able to ping their router from the ASA, but I'll have  to allow icmp traffic through to do some more connectivity tests from  inside the net. I didn't have much time to configure the device, but  will be returning this evening and throughout the week to bring this  into production. Configs to follow, but please comment if you're aware  of the problem and might know what's wrong with the Cisco wizard's  configuration. (only 2 zones - inside and outside)

Actions

This Discussion