Cisco Support Community
New Member

Can't Connect to Internet through ASA 5510....

Any help would be great......I have made several changes but can't seem to connect to the internet......

I am very new to the cisco and asa world....

Thanks for the help.

Here is my config file...

: Saved
:
ASA Version 8.0(5)
!
hostname asa
enable password m encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.5 255.255.255.0
management-only
!
boot system disk0:/asa805-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
pager lines 24
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (inside) 101 interface
global (outside) 1 111.111.111.11
nat (inside) 1 192.168.10.0 255.255.255.0
nat (inside) 101 0.0.0.0 0.0.0.0
nat (outside) 101 0.0.0.0 0.0.0.0 outside
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.6-192.168.1.254 management
!
dhcpd address 192.168.10.2-192.168.10.30 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username asa password v encrypted
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:6f11e3619456492d465bbbec26ff930d
: end
asdm image disk0:/asdm-631.bin
no asdm history enable

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

Nice,

I am glad that everything is working, would you please mark this issue as resolved?

Thanks!

Mike

82 REPLIES
Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

Please remove the following as follows:

no global (inside) 101 interface
no global (outside) 1 111.111.111.11
no nat (inside) 1 192.168.10.0 255.255.255.0

no nat (outside) 101 0.0.0.0 0.0.0.0 outside
no route outside 0.0.0.0 0.0.0.0 192.168.10.1 1

And add the following:

global (outside) 101 interface

After the above changes, please "clear xlate".

Please check the output of "show route" and make sure that you have a default gateway set by your ISP via the DHCP setroute command on the outside interface.

Hope that helps.

New Member

Re: Can't Connect to Internet through ASA 5510....

Thanks.....

Ok I made those changes.....

If I enter the show route I receive the following....

Gateway of last resort is not set

c  192.168.10.0 255.255.255.0 is directly connected, inside

c  192.168.1.0   255.255.255.0 is directly connected, management

Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

OK, that means your outside interface doesn't seem to get the default gateway from your ISP.

How is the connection to the ISP? Is it supposed to be a DHCP-assigned address? Are you getting an IP address on the outside interface?

Please check "show interface" to see if you are getting ip address on the Outside interface.

If not, please try shut/unshut the interface:

interface Ethernet0/0
    shut
    no ip address
    ip address dhcp setroute
    no shut

And check the interface again and route.

New Member

Re: Can't Connect to Internet through ASA 5510....

My connection is.....

ISP provided dsl modem <-------> asa outside interface

asa inside interface <------------> internal switch

internal switch <--------------> office pc

DHCP is how my ISP-provided modem is currently set.......I can change it and will change it to whatever will make it work.

I made the changes as you suggested and received the following...

show route

Gateway of last resort is not set

C    192.168.10.0 255.255.255.0 is directly connected, inside
C    192.168.1.0 255.255.255.0 is directly connected, management

New Member

Re: Can't Connect to Internet through ASA 5510....

Hello,

Why don't you try and set a static route in the ASA pointing towards the DSL modem?

Regards

Raja

Re: Can't Connect to Internet through ASA 5510....

Can you post a : show inter ip brie

and debug dhcpc event

for the debug you must add first :

logging enable

logging buffered 1

Dan

New Member

Re: Can't Connect to Internet through ASA 5510....

show inter ip brie.......

Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES DHCP   up                    up
Ethernet0/1                192.168.10.1    YES manual up                    up
Ethernet0/2                unassigned      YES unset  administratively down down
Ethernet0/3                unassigned      YES unset  administratively down down
Management0/0              192.168.1.5     YES CONFIG up                    up

Re: Can't Connect to Internet through ASA 5510....

Do you know from what class you should receive the dynamic IP (the problem might be that you should receive an IP from 192.168.1 or 192.168.10), because the interface configuration is OK.

Do you have any logs like : Failed to apply IP address to

BTW enable your logging

Dan

New Member

Re: Can't Connect to Internet through ASA 5510....

dancicioiu wrote:

and debug dhcpc event

for the debug you must add first :

logging enable

logging buffered 1

Dan

can't seem to make this command work......

asa(config)# debug dhcpc event
                           ^
ERROR: % Invalid input detected at '^' marker.

Re: Can't Connect to Internet through ASA 5510....

try :

debug dhcpc detail

New Member

Re: Can't Connect to Internet through ASA 5510....

asa(config)# debug dhcpc detail

debug dhcpc detail enabled at level 1

New Member

Re: Can't Connect to Internet through ASA 5510....

I'm starting to wonder if there isn't something configured/set up wrong within my ISP-provided modem.......

Currently I have done nothing differently with it.....except hook the asa into it.....

Should I change something within it?


I have contacted my ISP so I do have my static IP but I have not done anything with them......

Thanks for everyone's help!

Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

If you received a static IP address from your ISP, you should just configure the static IP address on your ASA outside interface instead of DHCP.

Then you would also need to configure a default route on the ASA to point to your ISP IP address. Internet should work after that.

New Member

Re: Can't Connect to Internet through ASA 5510....

Sorry was a long holiday weekend......and I elected to take the entire weekend off.......

Back to work now.....

Here is my running config.......

Something still isn't quite right........

I have a feeling it has to do with my configuration of my route to point to my ISP IP address........

ASA Version 8.0(5)
!
hostname l
enable password l encrypted
passwd 2 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 111.111.111.11 255.255.255.252
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.5 255.255.255.0
management-only
!
boot system disk0:/asa805-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
pager lines 24
logging enable
logging buffered alerts
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.6-192.168.1.254 management
!
dhcpd address 192.168.10.2-192.168.10.30 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password vx8BkOWfWwvYuBKw encrypted
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:270ddeeb0289103b45bfa08f20419bba
: end
asdm image disk0:/asdm-631.bin
no asdm history enable

Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

Great to hear you are enjoying your weekend

The default gateway for the ASA is incorrect.

It seems incorrect that your outside interface IP address is 111.111.111.11 (with a /30 mask, 111.111.111.11 would be a broadcast address). Can you please double check with your ISP the actual IP address? Unless you are masking the IP address for privacy.

The following default gateway configured is incorrect:

route outside 0.0.0.0 0.0.0.0 192.168.10.1 1

192.168.10.1 is your ASA inside interface. By configuring default gateway towards the ASA inside interface, the traffic will not go out to the Internet.

You would need to remove the above, and configure the next hop ip address towards your ISP (would be in the same subnet as your ASA outside interface given by your ISP). Please check with your ISP what should be the ASA default gateway, then configure the following:

route outside 0.0.0.0 0.0.0.0
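
The checks this reply walks through (an interface sitting on its subnet's broadcast address, a default route pointing at the ASA's own interface, a next hop outside the egress interface's subnet) can be run over a saved config before it is applied. This is an added example, not part of the original thread or any Cisco tool; `parse_config` and `check` are hypothetical helper names, and the sample input is constructed from the masked config posted above.

```python
import ipaddress

# Constructed sample: interface and route lines from the running config
# posted earlier in the thread (addresses are the poster's masked values).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 111.111.111.11 255.255.255.252
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.5 255.255.255.0
 management-only
!
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
"""


def parse_config(text):
    """Return ({nameif: IPv4Interface}, [(egress_nameif, dest, next_hop)])."""
    interfaces, routes, nameif = {}, [], None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface":
            nameif = None                       # a new interface block starts
        elif words[0] == "nameif" and len(words) == 2:
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif and len(words) >= 4:
            try:
                interfaces[nameif] = ipaddress.IPv4Interface(
                    f"{words[2]}/{words[3]}")
            except ValueError:
                pass        # "ip address dhcp setroute" or a masked address
        elif words[0] == "route" and len(words) >= 5:
            try:
                hop = ipaddress.IPv4Address(words[4])
            except ValueError:
                continue    # masked next hop such as xxx.xxx.xxx.13
            routes.append((words[1], f"{words[2]} {words[3]}", hop))
    return interfaces, routes


def check(text):
    """Return (code, message) findings for addressing and next-hop mistakes."""
    interfaces, routes = parse_config(text)
    findings = []
    for name, iface in interfaces.items():
        net = iface.network
        if net.prefixlen < 31:   # /31 and /32 have no reserved addresses
            if iface.ip == net.broadcast_address:
                findings.append(("IFACE_IS_BROADCAST",
                    f"{name}: {iface.ip} is the broadcast address of {net}"))
            elif iface.ip == net.network_address:
                findings.append(("IFACE_IS_NETWORK",
                    f"{name}: {iface.ip} is the network address of {net}"))
    for egress, dest, hop in routes:
        owners = [n for n, i in interfaces.items() if i.ip == hop]
        if owners:
            findings.append(("NEXT_HOP_IS_SELF",
                f"route {dest} via {hop}: this is the ASA's own "
                f"{owners[0]} interface address"))
        if egress in interfaces and hop not in interfaces[egress].network:
            findings.append(("NEXT_HOP_OFF_SUBNET",
                f"route {dest} via {hop}: not inside "
                f"{interfaces[egress].network} on {egress}"))
    return findings


if __name__ == "__main__":
    for code, message in check(SAMPLE_CONFIG):
        print(f"{code}: {message}")
```

Lines the parser cannot read as dotted-quad addresses (DHCP, PPPoE with masked values) are skipped rather than guessed at, so a clean result on such a config only means no static-addressing mistake was detectable.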

New Member

Re: Can't Connect to Internet through ASA 5510....

Yes I did mask my ISP given static ip for privacy reason.....so the 111.111.111.11 is fake ip......

They have given me 2 static ip addresses.....for privacy purposes I will use

111.111.111.11 and 222.222.222.22.....

So are you saying my outside interface should read

interface Ethernet0/0
nameif outside
security-level 0
ip address 111.111.111.11 255.255.255.252 

Then my route will read the following.....

route outside 0.0.0.0 0.0.0.0 111.111.111.11 1

According to my ISP my default gateway is my first static IP, so using the fake static IPs from above my default gateway would be 111.111.111.11.....

Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

.

Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

Hi ,

Consider the below:

111.111.111.12     ------> ip address of the Gateway (i.e ISP router ip address,) and

111.111.111.11   --------> ip address that needs to be assigned to the ASA,

Internal network-------(inside)ASA(outside)-------------------------(111.111.111.12 )ISP Router----------INTERNET

                                                    (111.111.111.11)

If the above is the setup, you need the following configuration:


interface Ethernet0/0
nameif outside
security-level 0
ip address 111.111.111.11 255.255.255.252

route outside 0.0.0.0 0.0.0.0 111.111.111.12 1

Let me know if this works,

Cheers,

Rudresh V

New Member

Re: Can't Connect to Internet through ASA 5510....

Do I need to configure my outside interface to accept or handle a PPPoE connection.....since that is what my current ISP-provided modem/router does?

If so I would assume I need to bridge my ISP-provided router.....then add the static IP and my PPPoE configurations to my outside interface....

I believe I do have those configurations.......I changed it to that way last night.......

However I still can't connect.....

Here is my config file......  I obviously have hidden my static ips.....but I have 2 one is xxx.xxx.xxx.13 and the other is xxx.xxx.xxx.14

: Saved
:
ASA Version 8.0(5)
!
hostname x
enable password mrNAzLB3WoDGll7l encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address xxx.xxx.xxx.14 255.255.255.252
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.5 255.255.255.0
management-only
!
boot system disk0:/asa805-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
pager lines 24
logging enable
logging buffered alerts
logging asdm informational
logging debug-trace
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.13 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.10.2-192.168.10.30 inside
dhcpd enable inside
!
dhcpd address 192.168.1.6-192.168.1.47 management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password vx8BkOWfWwvYuBKw encrypted
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:411b6627479dcd14b847fdf03cf5b90f
: end
asdm image disk0:/asdm-631.bin
no asdm history enable

Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

Hey,

Well, if your ISP modem is set to the bridged mode and PPPoE is being employed, then you need to configure the ASA as a PPPoE client. You can refer to the following for that:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080ab7ce9.shtml

I also understand that you've been assigned a set of static ip's from the ISP. You will need to get in touch with the ISP and they should be able to direct you on how to configure the modem to always assign a static ip and gateway (from the static ip set you've been assigned) to your ASA using the PPPoE itself (it usually has something to do with the username assigned by your ISP to you).

Hope this helps!

New Member

Re: Can't Connect to Internet through ASA 5510....

I think I (we) are getting closer!

I have bridged my modem.......set my ASA to a PPPoE configuration.

However my laptop shows it has an Internet connection but I can't load any page.....Google.com, our company website or anything else??

I simply get "this page cannot be displayed".  Almost as if all internet surfing is blocked.....

Thanks!

just for clarification.....xxx.xxx.xxx.1 is my first static ip and xxx.xxx.xxx.2 is my second static ip....  But I question if the second should be used there......since ultimately I will want to use it for my server when I do vpn connections....

Here is my current config......

: Saved
:
ASA Version 8.0(5)
!
hostname g
enable password mrNAzLB3WoDGll7l encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
pppoe client vpdn group cl
ip address xxx.xxx.xxx.1 255.255.255.255 pppoe
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.5 255.255.255.0
management-only
!
boot system disk0:/asa805-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
pager lines 24
logging enable
logging buffered alerts
logging asdm informational
logging debug-trace
mtu outside 1492
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (outside) 101 interface
global (inside) 1 192.168.10.2-192.168.10.30 netmask 255.0.0.0
nat (inside) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group cl request dialout pppoe
vpdn group cl localname learning361
vpdn group cl ppp authentication pap
vpdn username xxxxxxxxx password ********* store-local
dhcpd address 192.168.10.2-192.168.10.30 inside
dhcpd enable inside
!
dhcpd address 192.168.1.6-192.168.1.47 management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password vx8BkOWfWwvYuBKw encrypted
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:56d7d6089af44b50dd585452a16c5e11
: end
asdm image disk0:/asdm-631.bin
no asdm history enable

Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

Hello,

Can you clarify what xxx.xxx.xxx.2 is? You mentioned that xxx.xxx.xxx.2 is a static IP assigned to you by your ISP. However, I see this line in the config:

route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.2 1

The route command should contain the IP address of your default gateway (i.e. the next hop you'll hit when you browse out to the Internet), not an IP address assigned to you. If you're not sure what this should be, check with your ISP and they should be able to tell you. Once you have that, remove that route command and re-enter it using the correct IP.

Hope that helps.

-Mike

Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

Could you post the output of

sh ip

sh route

ping x.x.x.2

ping 4.2.2.2

where x.x.x.2 is the GW that you have configured.

enable logging and post the logs if the pings fail.

conf t

logging on

logging buffered 7

exit

sh logg |  i 4.2.2.2

-KS

New Member

Re: Can't Connect to Internet through ASA 5510....

kusankar wrote:

Could you post the output of

sh ip

sh route

ping x.x.x.2

ping 4.2.2.2

where x.x.x.2 is the GW that you have configured.

enable logging and post the logs if the pings fail.

conf t

logging on

logging buffered 7

exit

sh logg |  i 4.2.2.2

-KS

xxx.xxx.xxx.1 is my static IP....

Here is the results from

sh ip

System IP Addresses:
Interface                Name                   IP address      Subnet mask                                                Method
Ethernet0/0              outside                xxx.xxx.xxx.1  255.255.255.255                                            manual
Ethernet0/1              inside                 192.168.10.1    255.255.255.0                                              manual
Management0/0            management             192.168.1.5     255.255.255.0                                              CONFIG

Current IP Addresses:
Interface                Name                   IP address      Subnet mask                                                Method
Ethernet0/0              outside                xxx.xxxxxx.1  255.255.255.255                                            manual
Ethernet0/1              inside                 192.168.10.1    255.255.255.0                                              manual
Management0/0            management             192.168.1.5     255.255.255.0                                              CONFIG

show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is xxx.xxx.xxx.1 to network 0.0.0.0

C    192.168.10.0 255.255.255.0 is directly connected, inside
C    192.168.1.0 255.255.255.0 is directly connected, management
S*   0.0.0.0 0.0.0.0 [1/0] via xxx.xxx.xxx.1, outside

ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)

New Member

Re: Can't Connect to Internet through ASA 5510....

So I am getting an Unidentified network from the computers I am not connecting to my ASA......so between that and not being able to connect to the Internet I am very confused......any help is greatly appreciated.

THANK YOU ALL!!

Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

Hey Toddy,

Mike here, in the show route, you can see a default route on which you see 0.0.0.0 0.0.0.0 via x.x.x.x, can you please try to ping that x.x.x.x IP and see if you get replies?

Cheers

Mike

New Member

Re: Can't Connect to Internet through ASA 5510....

Hello Mike -

The xxx.xxx.xxx.1 is my static ip.  According to my ISP the first static ip given to me is my default gateway.

That said, I have my ASA set to establish a PPPoE connection and obtain an IP address using PPPoE.  And the ASA does all this....If I go to my ASDM and monitor my PPPoE client, my outside interface shows my first static IP.

You asked to ping that x.x.x. IP.  If you are suggesting I do so from another PC that is connected to my inside network, I cannot do that.  For whatever reason, on any PC I connect to my inside network I receive an unidentified network and an IP address conflict....

Thanks for your help

Cisco Employee

Re: Can't Connect to Internet through ASA 5510....

Hello Toddy,

I see, but you cannot have your outside interface IP address as a default gateway, your ISP should assign you a default gateway. Do me a favor, I think I know how we can check this..... Go ahead and connect the PC to the modem, get the IP address and stuff and check with the ipconfig on the command prompt (if windows) if linux ifconfig and check what is the default gateway that you get, also check if you are able to ping 4.2.2.2.

Will be waiting for the reply.

Cheers.

Mike

New Member

Re: Can't Connect to Internet through ASA 5510....

Interesting stuff Mike.......I only input the Static IP as my default Gateway since 2 different ISP support staff told me that the First Static IP they gave me was also my default gateway........

I took my modem out of bridge mode......hooked my pc up to my modem was able to connect to the internet.....but this completely removes my asa from the equation.....SO

cmd gives me....

ipv4 address........192.168.1.47

subnet mask........255.255.255.0

default gateway.....192.168.1.1

ping 4.2.2.2 gives me.....

reply from 4.2.2.2: bytes=32 time=33ms TTL=56

reply from 4.2.2.2: bytes=32 time=33ms TTL=56

reply from 4.2.2.2: bytes=32 time=33ms TTL=56

reply from 4.2.2.2: bytes=32 time=33ms TTL=56

Ping statistics for 4.2.2.2:

Packets: sent = 4 Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-sconds:

Minimum = 32ms, Maximum = 33ms, Average = 32ms

Thanks
