Cisco Support Community
Community Member

cant

xx

3 REPLIES

Re: Can't access the internet from LAN.

Hi,

could you add:

interface vlan x

nameif outside

ip address OR ip address dhcp setroute 

int eth0/0

switchport access vlan x

route outside 0 0   // FOR STATIC IP

object network INSIDE_SEGMENT

  subnet 10.10.0.0 255.255.255.224

  nat (any,outside) dynamic interface

Community Member

Re: Can't access the internet from LAN.

Hi,

As you mentioned that you can ping websites from the internal LAN and cannot open the pages, this clearly states that this is an issue with the DNS resolution.

Next thing, the configuration shows that you are not using this firewall as the internet gateway, so if you can get us the topology that you are using, it would be a lot better to comment on the issue that you are facing.

Also, if you can get us the output for packet-tracer on the ASA:

packet-tracer input inside udp 10.10.0.55 1234 4.2.2.2 53 detailed

packet-tracer input inside tcp 10.10.0.55 1234 4.2.2.2 80 detailed

Cheers,

Naveen
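
To read the packet-tracer output requested above, a small parser can pull out the first phase that did not return ALLOW together with the final action and drop reason. This is an added example, not part of the original thread: the sample output is constructed in the ASA's usual packet-tracer layout, and the function names parse_packet_tracer and verdict are hypothetical.

```python
import re

# Constructed sample in the ASA packet-tracer layout (trimmed, not the poster's output).
SAMPLE = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 192.0.2.1 using egress ifc  outside

Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_packet_tracer(text):
    """Split the output into per-phase dicts and the final summary dict."""
    phases, summary, current, in_summary = [], {}, None, False
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z][\w-]*):\s*(.*)$", line)
        if not m:
            continue  # config echo, indented rule dumps, blank lines
        key, value = m.group(1), m.group(2).strip()
        if key == "Phase":
            current = {"Phase": int(value)}
            phases.append(current)
        elif key == "Result" and not value:
            in_summary = True  # a bare "Result:" line opens the summary block
        elif in_summary:
            summary[key] = value
        elif current is not None and key in ("Type", "Subtype", "Result"):
            current[key] = value
    return phases, summary

def verdict(text):
    """Return (action, first non-ALLOW phase or None, drop reason or None)."""
    phases, summary = parse_packet_tracer(text)
    failed = next((p for p in phases if p.get("Result") != "ALLOW"), None)
    return summary.get("Action"), failed, summary.get("Drop-reason")
```

Running verdict() on the UDP/53 and TCP/80 traces side by side shows whether both flows stop at the same phase (routing, NAT or access list) or only one of them does.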

Community Member

Re: Can't access the internet from LAN.

- 1 Create an object:

object network internet

subnet 0.0.0.0 0.0.0.0

- 2 Create an ACL

access-list outside_in extended permit icmp any any object-group ICMP

access-list outside_in extended permit icmp any interface outside

access-list outside_in remark Internet - (Just a description)

- 3 Create a NAT

object network internet

nat (inside,outside) dynamic interface

- 4 Create an Access Group (Should be named as the ACLs)


access-group outside_in in interface outside

Regards,
