Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

access internet from inside to outside ASA 5520

Hi,

I just got an ASA 5520 and it will be used for our proxy server. Before putting it to production i used one of our DSL line to simulate for internet access. What supposed to work:

An inside user will access the internet thru outside interface to gain internet access

I have been trying different configs and could not figure out what is wrong. using packet tracer, a private ip 10.243.16.10, i can ping a public ip without a drop. But when i plug the PC, i couldn't get any internet access

I attached the configuration for reference.

7 REPLIES

Re: access internet from inside to outside ASA 5520

Try

nat ( inside) 1 0 0

your current inside nat is not PATed via global interface.

Rgds

Jorge

New Member

Re: access internet from inside to outside ASA 5520

You are not doing any type of NATing. Your NAT 0 statement is your problem. The 10.x.x.x range in not routable over the Internet. Remove the NAT 0 statement and this will work as you already have the GLOBAL statement programmed.

Re: access internet from inside to outside ASA 5520

hi Eduard

i just wanna add to the nice comments from Jorge and Robert

both of thier notice are right 100%

but u need to do both of them

becasue if u do only nat (inside) 1 0 0

this will not work becasue nat 0 will be prosessed first and will exmpmt ur inside network from get nated

and if u only remove the nat 0 u wil not get nated because u need a nat in isde command

then u need to do both:

no nat (inside) 0 10.0.0.0 255.0.0.0

then

nat (inside) 1 0 0

and do

clear xlate

or reload ur firewall to get ur new nat applied

good luck

if helpful Rate

New Member

Re: access internet from inside to outside ASA 5520

Hi guys,

I tried them both but i still get the same result of not internet from the PC. I have cleared xlate and reboot the asa. I changed the setting on IE by checking automatic detect settings, un-checking automatic detect settings and even used the IP of the interface as proxy.

I tested the DSL and i can get internet.

thanks

Re: access internet from inside to outside ASA 5520

first u dont ned to make any changes to the IE leavt to the default ASA no proxy device

and make sure u have the default gateway on the pc as the inside ASA IP address

when u try to open the internet from the pc

do the following show commnads to see if that conection is going thourgh the asa nd the nat is working

show conn

show xlate

good luck

New Member

Re: access internet from inside to outside ASA 5520

hi, it still didn't :( work....

show conn

1 in use, 6 most use

show xlate

0 in use, 1 most used

Re: access internet from inside to outside ASA 5520

Can you post updated config . Question, what are you using for DNS on your systems .

also if you could confirm , from ASA can you ping ASA default route IP your next hop router..

Rgds

Jorge

154
Views
0
Helpful
7
Replies