Cisco Support Community
New Member

ASA 5510 - struggling with static routes

Hi

Situation (best viewed with 'courier new'):

                  (OfficeLAN)    (ProdLAN)
Internet|--|Router|---------|ASA|--------
                              |
                              |
                            (DMZ)

I want to use the ASA box as the default gateway for the LAN. On the ASA is a default route configured which forwards the 'internet-traffic' to the Internet.

But somehow the ASA simply ignores its duties to forward the traffic to the Internet. Traffic destined to the production LAN and the DMZ is working fine.

Any hints for a depressive technician?

2 REPLIES
New Member

Re: ASA 5510 - struggling with static routes

Hi,

Turn on logging so you can see any error messages when you try to ping something on the Internet from the Inside or DMZ.

pix(config)# logging on

pix(config)# logging console debug

If your return packet is being denied on the outside interface, modify your outside ACL.

access-list inbound permit icmp any any echo-reply

access-group inbound in interface outside

If you see that DNS replies are being blocked by the outside interface, add this command:

dns domain-lookup outside

If you have a DNS server on the DMZ, add it as well.

dns domain-lookup DMZ

Hope this helps,

Dave

Gold

Re: ASA 5510 - struggling with static routes

Just wondering what exactly you are referring to when you mentioned "the ASA simply ignores its duties to forward the traffic to the internet".

Do "debug icmp trace" in order to verify whether the ASA is performing as expected.

Also, please verify that NAT/PAT has been configured for internet browsing.

e.g.

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
