Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1341
Views
0
Helpful
6
Replies

ASA 5505 Access Internet from VLAN

Go to solution
stephilewis
Level 1
Level 1

‎05-06-2010 03:06 PM - edited ‎03-04-2019 08:24 AM

no

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to stephilewis

‎05-06-2010 03:34 PM 

stephilewis wrote:
No I cannot access http, when i create a route "route BeneNetwork 10.10.220.0 255.255.255.0 172.16.20.100" i get connected route exist.
the default route on my client is 10.10.220.100 which is the ip for the vlan benenetwork.

Ahh, i thought you were connecting from the inside interface but it looks like you are coming from the BeneNetwork. Add this to your config -

nat (BeneNetwork) 1 0.0.0.0 0.0.0.0

Jon

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎05-06-2010 03:11 PM 

stephilewis wrote:
I configured our ASA 5505 with two VLAN's one is for our wireless network and one is for our internal network.  This issue I am having is I cannot access the internet from our internal network.  I can ping from the ASA to the internet and to the internal network but not the other way around.  Do I need to setup an access list for this?

Stephen

When you say you can't access the internet is that with ping ? If so ping is slightly different than for example accessing a web site. Have you tried accessing a web site from an inside client.

If you do want to test ping then there are a couple of things you can do but you do need to modify your config -

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

Jon

0 Helpful

Go to solution
stephilewis
Level 1
Level 1
In response to Jon Marshall

‎05-06-2010 03:19 PM

neither, I can ping the internal network vlan address, but not the inside address or any address after this up to and including the outside interface.  I can ping anywhere from the console.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to stephilewis

‎05-06-2010 03:24 PM 

stephilewis wrote:
neither, I can ping the internal network vlan address, but not the inside address or any address after this up to and including the outside interface.  I can ping anywhere from the console.

Sorry Stephen, could you clarify. You have or haven't tried to use http ?

You can ping the internal vlan address but not the inside address. Does this mean your default-gateway on the client is not the ASA ? If it isn't then you need to -

1) add a route, probably a default-route on this device pointing to the ASA inside IP

2) add a route on the ASA for the subnet your client is on so the ASA knows how to route back to your client

Jon

0 Helpful

Go to solution
stephilewis
Level 1
Level 1
In response to Jon Marshall

‎05-06-2010 03:30 PM

No I cannot access http, when i create a route "route BeneNetwork 10.10.220.0 255.255.255.0 172.16.20.100" i get connected route exist.

the default route on my client is 10.10.220.100 which is the ip for the vlan benenetwork.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to stephilewis

‎05-06-2010 03:34 PM 

stephilewis wrote:
No I cannot access http, when i create a route "route BeneNetwork 10.10.220.0 255.255.255.0 172.16.20.100" i get connected route exist.
the default route on my client is 10.10.220.100 which is the ip for the vlan benenetwork.

Ahh, i thought you were connecting from the inside interface but it looks like you are coming from the BeneNetwork. Add this to your config -

nat (BeneNetwork) 1 0.0.0.0 0.0.0.0

Jon

0 Helpful

Go to solution
stephilewis
Level 1
Level 1
In response to Jon Marshall

‎05-06-2010 03:41 PM

Excellent this worked for http, the next step will be for me to allow access from WLAN to BeneNetwork.  I will try to figure this out, but may be back to search out a way.

Thanks Jon!!!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card