Installed ASA 5520 - Unable to get out to internet
I'm pretty new working with the Cisco products, however I have the privledge to test the ASA 5520. I'm unable to ping the outside interface from the inside network. I'm unable to go out to the Internet. Any help is appreciated. Here is my config:
ASA Version 7.0(4)
enable password xxxxxxxxxxx
ip address 123.x.x.x.255.255.248
ip address 192.168.0.1 255.255.255.0
ip address 192.168.199.1 255.255.255.0
no ip address
ip address 192.168.1.1 255.255.255.0
passwd xxxxxxxxxxxxx encrypted
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
access-list acl_dmz extended permit ip 192.168.199.0 255.255.255.0 any
access-list acl_int extended permit tcp 192.168.0.0 255.255.255.0 any eq www
access-list acl_int extended permit tcp 192.168.0.0 255.255.255.0 any eq https
access-list acl_int extended permit tcp 192.168.0.0 255.255.255.0 any eq ftp
access-list acl_int extended permit tcp 192.168.0.0 255.255.255.0 any eq domain
pager lines 24
logging asdm informational
mtu Outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu management 1500
icmp permit any echo Outside
icmp permit any echo-reply Outside
icmp permit any Inside
icmp permit host 18.104.22.168 echo DMZ
icmp permit host 22.214.171.124 echo-reply DMZ
asdm image disk0:/asdm-504.bin
no asdm history enable
arp timeout 14400
global (Outside) 1 123.x.x.x.123.123.126 netmask 255.255.255.248
global (Outside) 1 123.x.x.127 netmask 255.255.255.248
Re: Installed ASA 5520 - Unable to get out to internet
A pix does not allow you to traverse one interface and terminate connections on another. But to solve your problems with getting out here are the commands you can use to pat your inside and dmz networks out to the internet using the outside interface ip address.
global (Outside) 1 interface
nat (Inside) 1 192.168.0.0 255.255.0.0
nat (DMZ) 1 126.96.36.199 255.255.0.0
access-list inbound_in permit icmp any any
access-group inbound_in in interface outside
The access-list will allow your pings going out to respond back, everything else should now work fine. To watch your pings traverse the firewall execute the command "debug icmp trace".
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...