Cisco ASA 5505, route outside

mikejgalovich · ‎06-16-2009

Hi, I have a new Cisco ASA 5505 that I can't get internet access on. I set it up using the Startup Wizard. I have my outside interface an address of 69.3.19.242, the T1 provider gave me a router that they have setup with an address of 69.3.19.241, but I can't get to the internet. I can get to the internet if I use my laptop on the Fast Ethernet port on the router, using DHCP on the laptop.

Do I need to set a route outside? I did try this

route outside 0.0.0.0 0.0.0.0 69.3.19.241 0 (this didn't work either)

Thotsaphon Lueangwattanaphong · ‎06-16-2009

Mike,

Yes, You need a "route outside" command. It will not work unless you configure NAT on ASA. You may try to use wizard or CLI for NAT.

Toshi

mikejgalovich · ‎06-16-2009

I tried this route:

route outside 0.0.0.0 0.0.0.0 69.3.19.241 0

Didn't work

Thotsaphon Lueangwattanaphong · ‎06-16-2009

Mike,

Please add the following commands.

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

HTH,

Toshi

mikejgalovich · ‎06-16-2009

Hey, that might just work. I'll try it when I get back to my office.

Thanks!

mikejgalovich · ‎06-16-2009

I tried those commands and it came back saying it already exists.

Attached is the current config of my Cisco ASA 5505. my usable IP's are 69.3.19.242-246. The WAN IP on the router they provided me is 69.3.19.241. So I though I would make the outside interface (ether0/0) 69.3.19.242.

If anyone can tell me what I'm doing wrong, I would appreciate it.

doraemonheng · ‎06-16-2009

Hi Mike,

Your interface ip address should configure like this ip address 69.3.19.242 255.255.255.248 instead. As you mentioned the range is from .241 to 246.

Please also try to configure the default route as

route outside 0.0.0.0 0.0.0.0 69.3.19.241 1

Thanks & Regards,

mikejgalovich · ‎06-16-2009

I have my outside interface set to 69.3.19.242, the router the ISP sent me is set to 69.3.19.241. I can ping the router address of .241 from my Cisco 5505, but clients inside the office can't reach the internet. Makes me believe there is a NAT'ing or route problem.

I'll try "route outside 0.0.0.0 0.0.0.0 69.3.19.241 1 ", because I think I used route outside 0.0.0.0 0.0.0.0 69.3.19.241 0, before (0, instead of a 1 at the end of the command)

mikejgalovich · ‎06-17-2009

Hi, I tried route outside 0.0.0.0 0.0.0.0 69.3.19.241 1 , that didn't work either.

mikejgalovich · ‎06-17-2009

I ended up setting the outside interface to DHCP, then set a route to the DHCP address it was given and that worked.

?????

Not sure why it didn't let me just assign the static address and route

Abhradeep.Banerjee · ‎10-26-2015

how did you actually do that?

Andrew Zizzo · ‎04-04-2012

Two and a half years later I have the same issue. Internal hosts cannot reach the internet by simply configuring the ASDM wizard (as is claimed in Cisco material) when using a static IP for the internet-facing interface, even after later entering a static route out. Configuring the outside interface to obtain its IP via DHCP during the ASDM Wizard configures internet access for the inside hosts fine. With the static IP configuration I'm able to ping their router from the ASA, but I'll have to allow icmp traffic through to do some more connectivity tests from inside the net. I didn't have much time to configure the device, but will be returning this evening and throughout the week to bring this into production. Configs to follow, but please comment if you're aware of the problem and might know what's wrong with the Cisco wizard's configuration. (only 2 zones - inside and outside)