ASA 5505 Access Internet from VLAN

Answered Question
May 6th, 2010
Jon Marshall Thu, 05/06/2010 - 15:11
stephilewis wrote:


I configured our ASA 5505 with two VLANs: one is for our wireless network and one is for our internal network.  The issue I am having is that I cannot access the internet from our internal network.  I can ping from the ASA to the internet and to the internal network but not the other way around.  Do I need to set up an access list for this?




Stephen


When you say you can't access the internet, is that with ping? If so, ping is slightly different from, for example, accessing a web site. Have you tried accessing a web site from an inside client?


If you do want to test ping then there are a couple of things you can do but you do need to modify your config -


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml


Jon

stephilewis Thu, 05/06/2010 - 15:19

Neither. I can ping the internal network VLAN address, but not the inside address or any address after this up to and including the outside interface.  I can ping anywhere from the console.

Jon Marshall Thu, 05/06/2010 - 15:24
stephilewis wrote:


Neither. I can ping the internal network VLAN address, but not the inside address or any address after this up to and including the outside interface.  I can ping anywhere from the console.


Sorry Stephen, could you clarify: have you or haven't you tried to use http?


You can ping the internal VLAN address but not the inside address. Does this mean your default-gateway on the client is not the ASA? If it isn't then you need to -


1) add a route, probably a default-route on this device pointing to the ASA inside IP


2) add a route on the ASA for the subnet your client is on so the ASA knows how to route back to your client


Jon

stephilewis Thu, 05/06/2010 - 15:30

No, I cannot access http. When I create a route "route BeneNetwork 10.10.220.0 255.255.255.0 172.16.20.100" I get connected route exist.


The default route on my client is 10.10.220.100, which is the IP for the VLAN BeneNetwork.

Correct Answer
Jon Marshall Thu, 05/06/2010 - 15:34

stephilewis wrote:


No, I cannot access http. When I create a route "route BeneNetwork 10.10.220.0 255.255.255.0 172.16.20.100" I get connected route exist.


The default route on my client is 10.10.220.100, which is the IP for the VLAN BeneNetwork.


Ahh, I thought you were connecting from the inside interface but it looks like you are coming from the BeneNetwork. Add this to your config -


nat (BeneNetwork) 1 0.0.0.0 0.0.0.0


Jon
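
The condition this answer fixes can be checked offline before a change window. The script below is an added example, not part of the original posts: it scans a pre-8.3 style ASA config for named interfaces that have no nat rule paired by NAT ID with a global statement on the outside interface. The sample config is constructed; the "global (outside) 1 interface" line, the VLAN numbers and the security levels are assumptions, since the thread does not show the full config.

```python
import re

# Constructed pre-8.3 style ASA config excerpt. Only the BeneNetwork name and
# the nat line added later come from the thread; the rest is assumed.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Vlan3
 nameif BeneNetwork
 security-level 90
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
"""

NAMEIF = re.compile(r"^\s*nameif\s+(\S+)", re.M)
NAT = re.compile(r"^nat \((\S+?)\) (\d+) ", re.M)
GLOBAL = re.compile(r"^global \((\S+?)\) (\d+) ", re.M)


def interfaces_without_pat(config, egress="outside"):
    """Return named interfaces with no dynamic nat rule whose NAT ID
    matches a global statement on the egress interface."""
    names = NAMEIF.findall(config)
    egress_ids = {nid for ifc, nid in GLOBAL.findall(config) if ifc == egress}
    # NAT ID 0 is identity NAT / NAT exemption, so it never pairs with a global.
    translated = {ifc for ifc, nid in NAT.findall(config)
                  if nid != "0" and nid in egress_ids}
    return [n for n in names if n != egress and n not in translated]


if __name__ == "__main__":
    print("before fix:", interfaces_without_pat(SAMPLE_CONFIG))
    # The line from the accepted answer closes the gap for BeneNetwork.
    fixed = SAMPLE_CONFIG + "nat (BeneNetwork) 1 0.0.0.0 0.0.0.0\n"
    print("after fix: ", interfaces_without_pat(fixed))
```
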

stephilewis Thu, 05/06/2010 - 15:41

Excellent, this worked for http. The next step will be for me to allow access from WLAN to BeneNetwork.  I will try to figure this out, but may be back to search out a way.


Thanks Jon!!!!
