Cisco Support Community
New Member

hallo community

Dear all, my issue is that my hosts on the internal network are not able to get to the internet. Can someone shed some light?

Evans-Tech# sh run
: Saved
:
ASA Version 8.2(5)
!
hostname Evans-Tech
domain-name Evans-Tech
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
!
interface Ethernet0/1
 switchport access vlan 2
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 description out-interface
 nameif outside
 security-level 0
 ip address 41.79.46.28 255.255.255.192
!
interface Vlan2
 description Lan interface
 nameif internal
 security-level 0
 ip address 192.168.0.1 255.255.255.0
!
boot system disk0:/asa825-k8.bin
ftp mode passive
dns domain-lookup internal
dns server-group DefaultDNS
 name-server 41.79.47.6
 name-server 41.79.47.7
 name-server 8.8.8.8
 name-server 4.2.2.2
 domain-name Evans-Tech
pager lines 24
mtu outside 1500
mtu internal 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-714.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (internal) 1 192.168.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 41.79.46.28 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.0.0 255.255.255.0 internal
snmp-server host internal 192.168.0.2 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 internal
ssh timeout 20
ssh version 2
console timeout 0


2 REPLIES
Super Bronze

hallo community

Hi,

Your default route is pointing to the ASA itself.

Check the interface and route configuration you have:

interface Vlan1
 description out-interface
 nameif outside
 security-level 0
 ip address 41.79.46.28 255.255.255.192

route outside 0.0.0.0 0.0.0.0 41.79.46.28 1

As you can see, you are using the same IP address as the gateway IP for your default route.

So you would have to remove this route and confirm the correct IP address, that is, the IP address of the ISP's gateway.

no route outside 0.0.0.0 0.0.0.0 41.79.46.28 1
route outside 0.0.0.0 0.0.0.0

Then it should probably work. I can't see anything else in the above configuration that should cause problems.

- Jouni

Super Bronze

Re: hallo community

Also,

You have the same "security-level" on both interfaces.

Change the internal interface level to 100 with the configuration below:

interface Vlan2
 security-level 100

- Jouni
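
A small offline check for the two faults identified in the replies above (a default route whose next hop is the ASA's own interface address, and interfaces that share a security level), added here as an example and not part of the original posts. The function names and the trimmed sample are constructed for illustration; the code assumes `show running-config` output with statically addressed interfaces.

```python
import ipaddress
from itertools import combinations

# Constructed sample: the relevant lines of the configuration posted in this thread.
SAMPLE = """\
interface Vlan1
 nameif outside
 security-level 0
 ip address 41.79.46.28 255.255.255.192
!
interface Vlan2
 nameif internal
 security-level 0
 ip address 192.168.0.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 41.79.46.28 1
"""

def parse(config):
    """Return ({nameif: {"level", "net"}}, [(nameif, default-route next hop)])."""
    ifaces, routes, cur = {}, [], None
    for tok in filter(None, map(str.split, config.splitlines())):
        if tok[0] in ("!", "interface"):
            cur = None  # a new block starts; forget the previous interface
        elif tok[0] == "nameif":
            cur = ifaces.setdefault(tok[1], {})
        elif cur is not None and tok[0] == "security-level":
            cur["level"] = int(tok[1])
        elif cur is not None and tok[:2] == ["ip", "address"] and tok[-1][0].isdigit():
            cur["net"] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}")
        elif tok[0] == "route" and tok[2:4] == ["0.0.0.0", "0.0.0.0"] and len(tok) >= 5:
            routes.append((tok[1], ipaddress.ip_address(tok[4])))
    return ifaces, routes

def lint(config):
    """Return a list of findings for the default route and the security levels."""
    ifaces, routes = parse(config)
    findings = []
    for name, hop in routes:
        net = ifaces.get(name, {}).get("net")
        if net is not None and hop == net.ip:
            findings.append(f"default route on {name} points at the ASA itself ({hop})")
        elif net is not None and hop not in net.network:
            findings.append(f"default route next hop {hop} is outside {net.network}")
    permit = "same-security-traffic permit inter-interface" in config  # explicit opt-in
    for a, b in combinations(sorted(ifaces), 2):
        if not permit and ifaces[a].get("level") == ifaces[b].get("level"):
            findings.append(f"{a} and {b} share security-level {ifaces[a].get('level')}")
    return findings
```

Calling `lint(SAMPLE)` reports both problems; a configuration with an on-subnet next hop other than the interface address and distinct security levels returns an empty list.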
