Cisco Support Community

ASA 5510 Unable to Connect to the Internet via PAT

Hi,

I have the following config.

ISProuter---ASA---3750-------LAN users

All LAN users use VLAN 10 (10.10.20.50) as their default gateway. Int g1/1 on the 3750 is in Layer 3 and has IP address 10.10.18.5. Its 0.0.0.0 route points to the ASA internal interface 10.10.18.2.

Users are able to ping the ASA internal 10.10.18.2. They cannot connect to the internet. Please help. Attached is my config.

name 10.10.20.55 Router3750
dns-guard
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address 151.2XX.2XX.246 255.255.255.240
!
interface Ethernet0/1
 nameif Roxcomp-Corporate
 security-level 100
 ip address 10.10.18.2 255.255.255.240
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
same-security-traffic permit intra-interface
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.20.0 255.255.252.0 10.10.100.0 255.255.255.0
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.100.0 255.255.255.0 10.10.20.0 255.255.252.0
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.18.0 255.255.255.240 10.10.100.0 255.255.255.0
access-list Roxcomp-Corporate_nat0_inbound extended permit ip 10.10.100.0 255.255.255.0 10.10.18.0 255.255.255.240
access-list Roxcomp_splitTunnelAcl standard permit 10.10.16.0 255.255.248.0
access-list nonat remark NO NAT applied for VPN Client return traffic
access-list nonat extended permit ip any 10.10.100.0 255.255.255.0
access-list Roxcomp-Corporate_access_in extended permit ip any any
access-list Roxcomp-Corporate_access_in extended permit ip object-group ROXNETWORKS any
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu Outside 1500
mtu Roxcomp-Corporate 1500
ip local pool Testpool 10.10.100.50-10.10.100.55 mask 255.255.255.0
ip verify reverse-path interface Outside
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (management) 0 0.0.0.0 0.0.0.0
nat (Roxcomp-Corporate) 0 access-list nonat
nat (Roxcomp-Corporate) 0 10.10.18.0 255.255.255.240
nat (Roxcomp-Corporate) 0 10.10.20.0 255.255.252.0
static (Roxcomp-Corporate,Outside) 151.203.206.248 Router3750 netmask 255.255.255.255
access-group Roxcomp-Corporate_access_in in interface Roxcomp-Corporate
route Outside 0.0.0.0 0.0.0.0 151.2XX.2XX.2XX 1
route Roxcomp-Corporate 10.10.20.0 255.255.252.0 10.10.18.5 1
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 Outside
ssh 0.0.0.0 0.0.0.0 management
ssh 0.0.0.0 0.0.0.0 Outside
ssh timeout 30
console timeout 30
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
service-policy global_policy global
Cryptochecksum:xxx
: end
ROXFW2#

2 REPLIES

Re: ASA 5510 Unable to Connect to the Internet via PAT

no nat (Roxcomp-Corporate) 0 10.10.18.0 255.255.255.240
no nat (Roxcomp-Corporate) 0 10.10.20.0 255.255.252.0
nat (Roxcomp-Corporate) 10 10.10.18.0 255.255.255.240
nat (Roxcomp-Corporate) 10 10.10.20.0 255.255.252.0


Re: ASA 5510 Unable to Connect to the Internet via PAT

All nat statements have the nat-id 0 (0 stands for identity NAT). There is no nat entry for your global 10 statement.

Try:

nat (Roxcomp-Corporate) 10 LAN-User-VLAN
global (Outside) 10 interface
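
The NAT-ID pairing that both replies point to can be checked mechanically before a change is pushed. The Python below is an added example, not part of the original thread or of any Cisco tool: `audit_nat_ids` is a hypothetical helper, the two sample strings are constructed from the nat/global lines of the posted configuration and the first reply's change, and it assumes the pre-8.3 `nat`/`global` syntax used in this thread.

```python
import re

# Constructed sample: the nat/global lines from the configuration posted above.
POSTED = """\
global (Outside) 10 interface
nat (management) 0 0.0.0.0 0.0.0.0
nat (Roxcomp-Corporate) 0 access-list nonat
nat (Roxcomp-Corporate) 0 10.10.18.0 255.255.255.240
nat (Roxcomp-Corporate) 0 10.10.20.0 255.255.252.0
"""

# Constructed sample: the same lines after the first reply's change is applied.
FIXED = """\
global (Outside) 10 interface
nat (management) 0 0.0.0.0 0.0.0.0
nat (Roxcomp-Corporate) 0 access-list nonat
nat (Roxcomp-Corporate) 10 10.10.18.0 255.255.255.240
nat (Roxcomp-Corporate) 10 10.10.20.0 255.255.252.0
"""

RULE = re.compile(r"^\s*(nat|global) \((\S+?)\) (\d+) (.+?)\s*$")


def audit_nat_ids(config):
    """Pair `nat` and `global` statements by NAT ID and report what is unmatched."""
    nat, glob = {}, {}
    for line in config.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # not a nat/global statement (static, route, ACL, ...)
        kind, iface, nat_id, rest = m.groups()
        table = nat if kind == "nat" else glob
        table.setdefault(int(nat_id), []).append((iface, rest))
    return {
        # ID 0 with a network: identity NAT, the source address leaves unchanged.
        "identity": [e for e in nat.get(0, []) if not e[1].startswith("access-list")],
        # A global pool that no nat statement references is never used.
        "orphan_globals": sorted(i for i in glob if i not in nat),
        # A nat statement with a non-zero ID but no global has nothing to translate to.
        "orphan_nats": sorted(i for i in nat if i != 0 and i not in glob),
        # Sources that will actually be translated, keyed by NAT ID.
        "translated": {i: nat[i] for i in sorted(nat) if i != 0 and i in glob},
    }


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(label, audit_nat_ids(cfg))
```

On the posted lines the audit reports global ID 10 as orphaned and both LAN networks under identity NAT; on the fixed lines both networks appear under translated ID 10 and only the management interface remains on ID 0.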
