CISCO ASA_Blocking all traffic

Unanswered Question
Aug 25th, 2010
User Badges:

Hello.

I have a CISCO ASA firewall. The network looks like:


LAN > L2 Switch > ASA E0/1 - ASA E0/0 > ISP


The interface E0/0 is connected to the ISP end & intercafe E0/1 is connected to my LAN of few PC via a L2 switch.


The problem I am facing is, I can not go internet from my LAN PC. Even I can not web browse. May be the ASA is blocking the traffic's.

I can ping the interface E0/1.


FYI, the runing configurations are attached. Need suggestion please. Thanks in advance.


Regards.

Sakibnaz.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Nagaraja Thanthry Wed, 08/25/2010 - 08:40
User Badges:
  • Cisco Employee,

Hello,


Please remove the following line:


static (External,Internal) 172.16.1.130 0.0.0.0 netmask 255.255.255.255


Regards,


NT

Allen P Chen Wed, 08/25/2010 - 10:19
User Badges:
  • Cisco Employee,

Hello,


The NAT configuration mentioned in the previous post might be introducing some issues.  Just a follow-up question, I see the following commands in your configuration:


access-list External_access_in_V1 extended permit tcp any host 172.16.1.130

access-group External_access_in_V1 in interface External


Are you trying to allow all outside users to access internal host 172.16.1.130?  Since  you are running software version 7.0 on the ASA, the current ACL will never work, because outside users will need to access this host on a public IP address and not an internal IP address.  If you have a usable external IP address assigned by your ISP that you would like to use for this host, then you will need to configure the following:


access-list External_access_in_V1 extended permit tcp any host

access-group External_access_in_V1 in interface External


static (Internal,External) 172.16.1.130 netmask 255.255.255.255


Hope that helps.

Actions

This Discussion