06-29-2014 07:53 AM - edited 03-11-2019 09:23 PM
HI,
Please find the attached file ASA configuration on ASA we getting internet but local network not getting internet .
06-29-2014 08:28 AM
The config looks pretty basic and mostly OK.
Please tell us what your local network host configuration and test is - i.e are you getting a DHCP address from the ASA, is the gateway being set to the ASA inside interface, what's your IP address and what test are you using to check Internet connectivity?
06-29-2014 09:39 AM
Dear Mr.Marvin Rhoads ,
Thanks for your replay as per enclosed config on interface GigabitEthernet0/1 we connected directly to one system and given lan ip dhcp on systems dhcp ip is resolved from system we able to ping to ASA geteway ip but from system we are not getting internet.we are not configured any host .
We have fortigate firewall find the enclosed FG configure we want to replace FG to ASA5525-SSD120-K9 please suggest me how to configure on ASA.
06-29-2014 11:35 AM
What test are you using to "get Internet"?
I would suggest you do the following to clean up the config:
1. remove the global ACL allowing ip any-any
2. remove the application of outside service-policy and
3. add the icmp inspection to the global policy.
conf t no access-group 101 global no service-policy outside-policy interface outside policy-map global_policy class inspection_default inspect icmp end wr mem
Then provide output of the following commands from the ASA:
ping 4.2.2.2 packet-tracer input inside icmp 192.168.5.11 0 0 4.2.2.2 detailed
06-29-2014 09:55 PM
Dear Sir,
Please give me basic commands for 5525X for inter net configuration to local system.
On 5510 if i given these commands i getting internet to local systems, but same commands not allowed to 5525X suggested me commands on Version 9.1(3)
nat-control
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1.
06-30-2014 06:00 AM
We have lic file how can i get licence to asa we need key for activate the license.
06-30-2014 06:27 AM
When you say license file what type of license are you talking about?
There is an ASA feature license and an ASA CX Net Generation Firewall subscription license file.
The ASA feature license is delivered in the for of a Product Activation Key (PAK) which you use to get an activation-key for the ASA. You can go to http://www.cisco.com/go/license to obtain that activation-key.
If you have an NGFW license file you install and activate that using the PRSM interface.
06-30-2014 08:32 AM
On http://www.cisco.com/go/license i done the register licence for
Description:
Follow these steps to install your ASA-CX license file: 1. Select Administration > Licenses. 2. Select I want to > Upload License File. 3. In the Upload License File panel, click Browse and select the license file from your workstation or network drive. 4. Click Upload.
where can i found the step 1
1. Select Administration > Licenses.
please suggest me
06-30-2014 06:23 AM
Did you try the commands I already gave you earlier?
The ones you listed above (nat-control etc.) are old style Pix / pre 8.3 syntax. The ones in the initial configuration you posted look OK with the changes I suggested already.
06-30-2014 09:02 AM
As Marvin has mentioned, your config looks fine for access to the internet.
could you please run a packet tracer which might shed some light on what is happening:
packet-tracer input inside tcp 192.168.5.20 12345 4.2.2.2 80 detail
Post the output here.
--
Please remember to select a correct answer and rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide