Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CISCO ASA_Blocking all traffic

Hello.

I have a CISCO ASA firewall. The network looks like:


LAN > L2 Switch > ASA E0/1 - ASA E0/0 > ISP

The interface E0/0 is connected to the ISP end & intercafe E0/1 is connected to my LAN of few PC via a L2 switch.

The problem I am facing is, I can not go internet from my LAN PC. Even I can not web browse. May be the ASA is blocking the traffic's.

I can ping the interface E0/1.

FYI, the runing configurations are attached. Need suggestion please. Thanks in advance.

Regards.

Sakibnaz.

2 REPLIES
Cisco Employee

Re: CISCO ASA_Blocking all traffic

Hello,

Please remove the following line:

static (External,Internal) 172.16.1.130 0.0.0.0 netmask 255.255.255.255

Regards,

NT

Cisco Employee

Re: CISCO ASA_Blocking all traffic

Hello,

The NAT configuration mentioned in the previous post might be introducing some issues.  Just a follow-up question, I see the following commands in your configuration:

access-list External_access_in_V1 extended permit tcp any host 172.16.1.130

access-group External_access_in_V1 in interface External

Are you trying to allow all outside users to access internal host 172.16.1.130?  Since  you are running software version 7.0 on the ASA, the current ACL will never work, because outside users will need to access this host on a public IP address and not an internal IP address.  If you have a usable external IP address assigned by your ISP that you would like to use for this host, then you will need to configure the following:

access-list External_access_in_V1 extended permit tcp any host

access-group External_access_in_V1 in interface External

static (Internal,External) 172.16.1.130 netmask 255.255.255.255

Hope that helps.

316
Views
0
Helpful
2
Replies