
Internet Access from Inside to Outside ASA 5510 ver 9.1

Hi everyone, I need help setting up an ASA 5510 to allow all traffic going from the inside to outside so I can get internet access through it. I have worked on this for days and I have finally got traffic moving between my router and my ASA, but that is it. Everything is blocked because of NAT rules I assume.

I get errors like this when I try Packet Tracer:

(nat-xlate-failed) NAT failed

(acl-drop) Flow is denied by configured rule

Version Information:

Cisco Adaptive Security Appliance Software Version 9.1(4)
Device Manager Version 7.1(5)
Compiled on Thu 05-Dec-13 19:37 by builders
System image file is "disk0:/asa914-k8.bin"

Here is my ASA config. All I want for this exercise is to pass traffic from the inside network to the outside so I can access the internet, and then look for specific ACLs or NAT for specific services:

Thank You!

Config:

ASA5510# sh running-config
: Saved
:
ASA Version 9.1(4)
!
hostname ASA5510
domain-name inside.int
enable password <redacted> encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd <redacted> encrypted
names
dns-guard
!
interface Ethernet0/0
 description LAN Interface
 nameif Inside
 security-level 100
 ip address 10.10.1.1 255.255.255.252
!
interface Ethernet0/1
 description WAN Interface
 nameif Outside
 security-level 0
 ip address 199.199.199.123 255.255.255.240
boot system disk0:/asa914-k8.bin
ftp mode passive
dns domain-lookup Outside
dns server-group DefaultDNS
 name-server 199.199.199.4
 domain-name inside.int
object network inside-net
 subnet 10.0.0.0 255.255.255.0
 description Inside Network Object
access-list USERS standard permit 10.10.1.0 255.255.255.0
access-list OUTSIDE-IN extended permit ip any any
access-list INSIDE-IN extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (Inside,Outside) source dynamic any interface
!
object network inside-net
 nat (Inside,Outside) dynamic interface
access-group INSIDE-IN in interface Inside
access-group OUTSIDE-IN in interface Outside
!
router rip
 network 10.0.0.0
 network 199.199.199.0
 version 2
 no auto-summary
!
route Outside 0.0.0.0 0.0.0.0 199.199.199.113 1
route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username <redacted> password <redacted> encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
password encryption aes
Cryptochecksum:<redacted>
: end

SH NAT:

ASA5510# sh nat
Manual NAT Policies (Section 1)
1 (Inside) to (Outside) source dynamic any interface
    translate_hits = 0, untranslate_hits = 0
Auto NAT Policies (Section 2)
1 (Inside) to (Outside) source dynamic inside-net interface
    translate_hits = 0, untranslate_hits = 0

SH RUN NAT:

ASA5510# sh run nat
nat (Inside,Outside) source dynamic any interface
!
object network inside-net
 nat (Inside,Outside) dynamic interface

SH RUN OBJECT:

ASA5510(config)# sh run object
object network inside-net
 subnet 10.0.0.0 255.255.255.0
 description Inside Network Object


Julio Carvajal
VIP Alumni

Hello Mitchell,

First of all, how are you testing this:

interface Ethernet0/0
 description LAN Interface
 nameif Inside
 security-level 100
 ip address 10.10.1.1 255.255.255.252

Take into consideration that the netmask is /30.

The Twice NAT is good, ACLs are good.

Do the following and provide us the result:

packet-tracer input inside tcp 10.10.1.2 1025 4.2.2.2 80

packet-tracer input inside tcp 192.168.1.100 1025 4.2.2.2 80

And provide us the result!

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura

Note: Check my website, there is a video about this that might help you.
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Here is the result I got. Please help!!


ciscoasa(config)# packet-tracer input INSIDE tcp 10.0.0.2 1025 4.2.2.2 80

Result:
input-interface: INSIDE
input-status: up
input-line-status: up
Action: drop
Drop-reason: (no-route) No route to host

Hi,


ASA inside IP: 10.10.1.1 255.255.255.252, and the inside LAN (from the NAT statement) is 10.0.0.0/24. Where and how is this 10.0.0.0/24 connected to the ASA? I see you enabled RIPv2 on the ASA, but is it learning the 10.0.0.0/24 network? If you think all IPs are correct, post 'show route' from the ASA.

Also, try to ping the host from the ASA and vice versa.

Thx

MS

nkarthikeyan
Level 7

Hi Mitchell,

Can you check by doing a ping or trace from the FW towards any public IP, say 4.2.2.2 or something else?

Is that going through well???

When you try to access the internet from the inside LAN, are you able to see the connection progress & ACL hits in the FW?


Regards

Karthik
