Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
333
Views
0
Helpful
2
Replies

hallo community

CSCO11839734
Level 1
Level 1

‎12-15-2013 06:51 AM - edited ‎03-11-2019 08:18 PM

dear all, my issues is that my host off the internal network are not able to get to internet, someone shed some light ??

Evans-Tech# sh run

: Saved

:

ASA Version 8.2(5)

!

hostname Evans-Tech

domain-name Evans-Tech

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

!

interface Ethernet0/1

switchport access vlan 2

!

interface Ethernet0/2

shutdown

!

interface Ethernet0/3

shutdown

!

interface Ethernet0/4

shutdown

!

interface Ethernet0/5

shutdown    

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

shutdown

!

interface Vlan1

description out-interface

nameif outside

security-level 0

ip address 41.79.46.28 255.255.255.192

!

interface Vlan2

description Lan interface

nameif internal

security-level 0

ip address 192.168.0.1 255.255.255.0

!

boot system disk0:/asa825-k8.bin

ftp mode passive

dns domain-lookup internal

dns server-group DefaultDNS

name-server 41.79.47.6

name-server 41.79.47.7

name-server 8.8.8.8

name-server 4.2.2.2

domain-name Evans-Tech

pager lines 24

mtu outside 1500

mtu internal 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-714.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (internal) 1 192.168.0.0 255.255.255.0

route outside 0.0.0.0 0.0.0.0 41.79.46.28 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

aaa authentication serial console LOCAL

aaa authentication telnet console LOCAL

aaa authorization command LOCAL

http server enable

http 192.168.0.0 255.255.255.0 internal

snmp-server host internal 192.168.0.2 community *****

no snmp-server location

no snmp-server contact

snmp-server community *****

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh 192.168.0.0 255.255.255.0 internal

ssh timeout 20

ssh version 2

console timeout 0

Labels:
0 Helpful
2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni

‎12-15-2013 06:56 AM

Hi,

Your default route is pointing to the ASA itself

Check the interface and route configuration you have

interface Vlan1

description out-interface

nameif outside

security-level 0

ip address 41.79.46.28 255.255.255.192

route outside 0.0.0.0 0.0.0.0 41.79.46.28 1

As you can see you are using the same IP address as the gateway IP for your default route.

So you would have to remove this route and confirm the correct IP address that is the IP address of the ISPs gateway.

no route outside 0.0.0.0 0.0.0.0 41.79.46.28 1

route outside 0.0.0.0 0.0.0.0

Then it should probably work. I can't see anything else in the above configuration that should cause problems.

- Jouni

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to Jouni Forss

‎12-15-2013 06:57 AM

Also,

You have the same "security-level" on both interfaces.

Change the internal interface level to 100 with the below configurations

interface Vlan2

  security-level 100

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card