Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

asa 5505 not pinging to outside interface

hi friend, i'm facing one problem here, i configured 2 vlans over here also configured default route indicating to outside interface but i'm not able to ping outside interface from inside interface & no one is able to get internet from inside. all the ACL r working fine.. please help me

7 REPLIES

Re: asa 5505 not pinging to outside interface

Can you post asa config, strip public ip info, basically check following statement these should get outbound access.

global(outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

If still problems post config.

HTH

Jorge

New Member

Re: asa 5505 not pinging to outside interface

hi jorge ,

first of all thanx for the support

here is other acl config with nat

access-list acl_inside permit tcp host 192.168.1.176 any eq smtp

access-list acl_inside permit tcp host I-Test any eq 8080

access-list acl_inside permit tcp host I-Test any eq www

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp any host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny tcp 192.168.1.0 255.255.255.0 host X.X.X.X

access-list acl_inside deny ip any host 65.214.39.152

access-list acl_inside permit udp any any eq isakmp

access-list acl_inside permit udp any any eq 4500

access-list acl_inside permit esp any any

access-list acl_inside permit ip 192.168.1.0 255.255.255.0 any

access-list acl_inside permit tcp any any eq www

access-list acl_inside permit tcp any any eq 8080

access-list acl_outside permit tcp any any eq smtp

access-list acl_outside permit icmp any any echo-reply

access-list acl_outside permit icmp any any time-exceeded

access-list acl_outside permit tcp any any eq https

access-list acl_outside permit udp any eq isakmp any

access-list acl_outside permit udp any eq 4500 any

access-list acl_outside permit esp any any

access-list acl_outside permit tcp X.X.X.X 255.255.255.0 interface outside

access-list acl_outside permit tcp X.X.X.X 255.255.255.0 interface outside eq https

access-list acl_outside deny tcp any host X.X.X.X

access-list acl_outside deny tcp any host X.X.X.X eq www

access-list acl_outside deny ip any host X.X.X.X

access-list acl_outside permit tcp any any eq www

access-list acl_outside permit tcp any host AK eq www

access-list acl_outside permit tcp any host AK eq 8080

access-list acl_outside permit tcp any any eq 8080

access-list acl_outside permit tcp any host AK eq 8900

access-list inside_nat0_outbound permit ip object-group A-NET object-group OS-AK-Servers

access-list inside_nat0_outbound permit ip any 192.168.1.40 255.255.255.248

access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 192.168.1.40 255.255.255.248

access-list outside_cryptomap_100 permit ip object-group A-Nets object-group OS-AK-Servers

access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center

access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center

access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center

access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center

access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center

access-list outside_cryptomap_100 remark Protect/Encrypt ANY IP Packet from A to the AK Servers at On Site's Data Center

access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.40 255.255.255.248

access-list outside_cryptomap_dyn_40 permit ip any 192.168.1.40 255.255.255.248

New Member

Re: asa 5505 not pinging to outside interface

global (outside) 10 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 10 0.0.0.0 0.0.0.0 0 0

access-group acl_outside in interface outside

access-group acl_inside in interface inside

route outside 0.0.0.0 0.0.0.0 1

this is the remain configuration.

please go through this & let me know what is the possible cause

Re: asa 5505 not pinging to outside interface

Akhileshm, are you all set with getting outbound traffic?

Jorge

New Member

Re: asa 5505 not pinging to outside interface

Sorry jorge , i didn't get u.... but till now i'm not able to get outside traffic , i removed all the acl binding with the interface but still problem is there..

Re: asa 5505 not pinging to outside interface

I meant if your issue was resolved, can you re-attached a fresh complete config, and as usual strip out public ip , do it this way, load hyperterminal from PC and either console to ASA or telnet to switch and issue show run and capture the text, save it as notepad text file and post it as attachement .

Rgds

Jorge

New Member

Re: asa 5505 not pinging to outside interface

Hi,

U modify ur config-

first give the ip add to the outside interface and then give the default route for the outside interface pointing to the default gateway. means

route outside 0 0 A.B.C.D where A.B.C.D is the default gateway.

And also apply nat rule for internet access like--

nat (inside) 1 0 0

global (outside) 1 interface

150
Views
0
Helpful
7
Replies
CreatePlease to create content