ASA 5550 VPN Ipsec works but not able to browse the internet

MJonkers · ‎09-21-2009

Hi,

We have setup an asa 5550 with ipsec. When I have build up the vpn connection and then try to ping a external (internet) address it works but when I try to browse it will not work. Is this an firewall issue on the ASA?

Thx,

Marc

Collin Clark · ‎09-21-2009

Marc-

Sounds more like a DNS issue, so let's check that first. Can you ping a site by name (ping slashdot.com)?

MJonkers · ‎09-21-2009

Hi Collin,

I can resolve the ip address and i can ping the address. But I cannot browse.

Marc

MJonkers · ‎09-21-2009

Hi Collin,

Futher testing reveals that the asa blocks returning traffic. I can see the traffic leaving our network to the internet and returning traffic entering our network. It stops at the asa.

I have enclosed the config file of the asa.

thx Marc

MJonkers · ‎09-21-2009

Hi Collin,

I created a packet capture on the inside interface. You can see that the http traffic is returning correctly.

Marc

MJonkers · ‎09-22-2009

Has it something to do with nat exempt?

MJonkers · ‎09-22-2009

Hi, I solved the problem. I had to add a tunneled interface on the inside network.

thx,

Marc

Collin Clark · ‎09-22-2009

Marc-

Glad to hear you worked through it. Can you explain or give the command of your added tunnel interface?

MJonkers · ‎09-22-2009

Hi,

yes the command is:

route inside 0.0.0.0 0.0.0.0 137.120.xxx.xxx tunneled

Marc