Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
dom.a
dom.a
Community Member
‎06-26-2007 08:15 AM
‎06-26-2007 08:15 AM

pix515 no resolution from inside

I configured a pix 515. users in the lan can ping machine on the internet but cannot load any internet pages. pc on the lan have the right dns server.

please how can i resolv the dns problem ?

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
acomiskey
acomiskey Green
Green
‎06-27-2007 04:51 AM
‎06-27-2007 04:51 AM

Re: pix515 no resolution from inside

no access-list ping_acl permit icmp any any

no access-group ping_acl in interface inside

You do not need this acl to allow ping from the inside interface. Removing this acl will solve your dns problems etc. If you want to ping to the outside you only need to allow the reply in the outside interface acl like so...

access-list acl_out permit icmp any any echo-reply

Please rate if this helps.

0 Helpful
Reply
7 REPLIES
acomiskey
acomiskey Green
Green
‎06-26-2007 08:37 AM
‎06-26-2007 08:37 AM

Re: pix515 no resolution from inside

Is there an acl on the inside interface?

0 Helpful
Reply
dom.a
dom.a
Community Member
‎06-27-2007 12:23 AM
‎06-27-2007 12:23 AM

Re: pix515 no resolution from inside

hi,

Yes, just one to permit ping :

access-list ping_acl permit icmp any any

access-group ping_acl in interface inside

Find attached the configuration file.

Regards

0 Helpful
Reply
timkaye
timkaye
Community Member
‎06-27-2007 12:32 AM
‎06-27-2007 12:32 AM

Re: pix515 no resolution from inside

Hello.

The ping_acl is your problem.

You will need to add a line allowing users port 80 connections out (there maybe other ports required also)

Tim

Reply
dom.a
dom.a
Community Member
‎06-27-2007 12:45 AM
‎06-27-2007 12:45 AM

Re: pix515 no resolution from inside

ok,

addind a line like with an acl? how ?

access-list out_acl permit tcp inside-network any eq 80

is it correct ?

Regards

0 Helpful
Reply
timkaye
timkaye
Community Member
‎06-26-2007 11:52 PM
‎06-26-2007 11:52 PM

Re: pix515 no resolution from inside

Is it possible to see a configuration?

0 Helpful
Reply
dom.a
dom.a
Community Member
‎06-27-2007 12:25 AM
‎06-27-2007 12:25 AM

Re: pix515 no resolution from inside

Yes, please find attached the configuration file.

Regards

0 Helpful
Reply
acomiskey
acomiskey Green
Green
‎06-27-2007 04:51 AM
‎06-27-2007 04:51 AM

Re: pix515 no resolution from inside

no access-list ping_acl permit icmp any any

no access-group ping_acl in interface inside

You do not need this acl to allow ping from the inside interface. Removing this acl will solve your dns problems etc. If you want to ping to the outside you only need to allow the reply in the outside interface acl like so...

access-list acl_out permit icmp any any echo-reply

Please rate if this helps.

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
141
Views
5
Helpful
7
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
75
36
75
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
25
2
25
All Blogs