10-10-2013 07:25 PM - edited 03-11-2019 07:50 PM
Please critique my ASA5505 NAT & ACL Setup and let me know why devices are not connecting to Internet/WAN.
(If my addresses are a bit off by any chance, they have been changed in haste).
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 112.74.71.71 1
global (outside) 1 interface
Thanks.
10-10-2013 08:50 PM
Hello,
Do the following
From the ASA itself
ping 112.74.71.71
ping 4.2.2.2
What are the results? If successful, do
packet-tracer input inside tcp 192.168.1.10 1025 4.2.2.2 80
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
10-10-2013 09:22 PM
ping 112.74.71.71 works with 100%.
ping 4.2.2.2 fails at 0% though.
10-10-2013 09:00 PM
remove this line:
route outside 0.0.0.0 0.0.0.0 112.74.71.71 1
if you want DHCP to set the default route for you, then you don't need to fix it yourself:
ip address dhcp setroute
Patrick
10-10-2013 09:08 PM
Shall I remove all static routes then?
Edit: I removed all static routes and I can ping 74.125.228.35 (Google).
But I still can't get any DNS or other apps to work.
Thanks.
10-10-2013 10:23 PM
Hello,
Okay, so now you have connectivity to the outside world.
That's good.
From the ASA perspective, DNS should be allowed, as you do not have any ACL.
Do show run access-group just to make sure.
Make sure the client has a DNS configured.
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
10-10-2013 10:28 PM
show run access-group
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
Do I manually set DNS server on clients?
How do I make my ASA give DNS info?
Update:
If I type 74.125.225.102 directly into the browser, it works.
But if I type google.com, it doesn't.
Almost there but DNS isn't!! argh
Thanks.
10-11-2013 03:14 PM
Hello,
Well, if the ASA is configured as a DHCP server just do
dhcpd dns 4.2.2.2
It's a DNS issue. You can configure it manually on the PC, but if you want to do it via DHCP, this is the way to do it.
Regards,
Jcarvaja