I'm trying set up ASA in test lab and have issue witch internet connectivity. Since it's my first experience with this device I've followed documentation and think everything is configured correctly. I can reach internet from ASA's outside interface, but not from inside interface or client which is connected to inside interface. After some research about access-list rules I'am even able ping trough ASA from client device, but still can't find out where's a catch about other traffic like http. In case of http, similiar acces-list like with ping didn't work. Maybe i'm overlooking something obvious, but don't see it.
Your outside interface subnet also includes the subnet that is assigned to your inside interface. Since this is a lab I would assume you can change this outside interface subnet mask? since your default route points to 10.0.1.138 I am assuming that this IP also has a subnet of /8? This will cause both the ASA and router connected to the ASA to believe they are directly connected to the 10.0.2.0/24 network on the outside interface and this traffic will never be routed by the ASA. Change it to a /24 and then test.
If that doesn't work, which interface are you connecting the PC to? As of right now only interface Eth0/1 is active.
Have you checked that your PC is getting the correct IP from the DHCP on the ASA?
Normally I would tell you to remove these commands, but since you say this is a lab setup...up to you
http 10.0.0.0 255.0.0.0 outside
ssh 10.0.0.0 255.0.0.0 outside
-- Please remember to rate and select a correct answer
Please remember to rate and select a correct answer
thank you for response. I tried your advice and changed outside interface subnet to /24 but it doesn´t help. Interface is fine, I keep just that one up and test one PC pluged in. DHCP is corret too. As I mentioned I can ping to internet but can´t reach other services. I assume if it would be problem with routing I couldn´t even ping. I think it must be something with default access-list setting what is denying packets. Any other ideas? I´m already mad with this issue:-)
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...