12-15-2013 06:51 AM - edited 03-11-2019 08:18 PM
Dear all, my issue is that my hosts on the internal network are not able to get to the internet. Can someone shed some light?
Evans-Tech# sh run
: Saved
:
ASA Version 8.2(5)
!
hostname Evans-Tech
domain-name Evans-Tech
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
!
interface Ethernet0/1
switchport access vlan 2
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
description out-interface
nameif outside
security-level 0
ip address 41.79.46.28 255.255.255.192
!
interface Vlan2
description Lan interface
nameif internal
security-level 0
ip address 192.168.0.1 255.255.255.0
!
boot system disk0:/asa825-k8.bin
ftp mode passive
dns domain-lookup internal
dns server-group DefaultDNS
name-server 41.79.47.6
name-server 41.79.47.7
name-server 8.8.8.8
name-server 4.2.2.2
domain-name Evans-Tech
pager lines 24
mtu outside 1500
mtu internal 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-714.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (internal) 1 192.168.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 41.79.46.28 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.0.0 255.255.255.0 internal
snmp-server host internal 192.168.0.2 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 internal
ssh timeout 20
ssh version 2
console timeout 0
12-15-2013 06:56 AM
Hi,
Your default route is pointing to the ASA itself.
Check the interface and route configuration you have:
interface Vlan1
description out-interface
nameif outside
security-level 0
ip address 41.79.46.28 255.255.255.192
route outside 0.0.0.0 0.0.0.0 41.79.46.28 1
As you can see, you are using the same IP address as the gateway IP for your default route.
So you would have to remove this route and confirm the correct IP address, that is, the IP address of the ISP's gateway.
no route outside 0.0.0.0 0.0.0.0 41.79.46.28 1
route outside 0.0.0.0 0.0.0.0
Then it should probably work. I can't see anything else in the above configuration that should cause problems.
- Jouni
12-15-2013 06:57 AM
Also,
You have the same "security-level" on both interfaces.
Change the internal interface level to 100 with the below configuration:
interface Vlan2
security-level 100
- Jouni
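The two problems pointed out in the replies above, written as an offline check over a saved configuration. This is an added example, not part of the original thread or any Cisco tool; the function names are hypothetical and the sample is a trimmed, constructed copy of the values posted in the question.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the configuration posted in the question.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif outside
 security-level 0
 ip address 41.79.46.28 255.255.255.192
!
interface Vlan2
 nameif internal
 security-level 0
 ip address 192.168.0.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 41.79.46.28 1
"""

def parse_interfaces(config):
    # {nameif: {"level": int, "ip": IPv4Interface}} built from the interface stanzas
    ifaces, cur = {}, None
    for words in (l.split() for l in config.splitlines() if l.strip()):
        if words[0] in ("!", "interface"):
            cur = {} if words[0] == "interface" else None
        elif cur is not None and words[0] == "nameif":
            ifaces[words[1]] = cur
        elif cur is not None and words[0] == "security-level":
            cur["level"] = int(words[1])
        elif cur is not None and words[:2] == ["ip", "address"] \
                and len(words) >= 4 and words[2][0].isdigit():
            cur["ip"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
    return ifaces

def audit(config):
    # Returns a list of findings; an empty list means neither problem is present.
    ifaces, findings = parse_interfaces(config), []
    route = re.compile(r"^\s*route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\d+\.\d+\.\d+\.\d+)", re.M)
    for name, hop in route.findall(config):
        hop, own = ipaddress.ip_address(hop), ifaces.get(name, {}).get("ip")
        if any("ip" in i and i["ip"].ip == hop for i in ifaces.values()):
            findings.append(f"default route next hop {hop} is the ASA's own address")
        elif own is not None and hop not in own.network:
            findings.append(f"default route next hop {hop} is outside {own.network}")
    # The ASA blocks traffic between equal-level interfaces unless this command is set.
    if "same-security-traffic permit inter-interface" not in config:
        levels = {}
        for name, i in ifaces.items():
            levels.setdefault(i.get("level"), []).append(name)
        for level, names in levels.items():
            if level is not None and len(names) > 1:
                findings.append(f"{', '.join(sorted(names))} share security-level {level}")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports both issues; after the route and security-level changes described in the replies it returns an empty list.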