Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
404
Views
0
Helpful
7
Replies

Traffic wont pass on ASA 5520

mx
Level 1
Level 1

‎08-05-2006 05:51 PM - edited ‎02-21-2020 01:05 AM

hi. I swapped out a pix 506e for an ASA, but built it from scratch instead of transferring the config. For some reason traffic wont seem to pass in or out of it, and I cant seem to figure it out. I attached the config.

I added a gateway of last resort to no avail, added a 'permit any any' on the inside interfaces for ip and tcp as a test, still nothing. I thought maybe I wasnt passing dns requests... Im stuck, so any tips will likely help :)

thanks!

bob

For what its worth, it seems I can ping thoughts out in the internet by addr but not by dns name, yet the dns servers in my dhcp pool are correct.

Preview file
5 KB
0 Helpful
7 Replies 7

glen.messenger
Level 1
Level 1

‎08-05-2006 06:19 PM

Hi,

You have no translations happening. Try the following:

nat (inside) 1 10.0.0.0 255.255.255.0

global (outside) 1 interface

Good luck.

Glen

0 Helpful

mx
Level 1
Level 1
In response to glen.messenger

‎08-05-2006 06:42 PM

Thanks Glen, I just added that, cant believe I missed that! However it didnt fix the problem. I also noticed that when I do a sho access-list Im getting a hit count of 0 on everything.

0 Helpful

glen.messenger
Level 1
Level 1
In response to mx

‎08-05-2006 06:47 PM

Hi,

Can you ping the inside interface of the ASA?

Glen.

0 Helpful

mx
Level 1
Level 1
In response to glen.messenger

‎08-05-2006 06:50 PM

Yes, I can. In fact I can even telnet to it and use ASDM.

0 Helpful

Fernando_Meza
Level 7
Level 7
In response to mx

‎08-05-2006 06:53 PM

Hi ... are you able to telnet to the inside interface of the ASA from an Internal device ..? .. if you can then make sure the default gateway for you inside hosts is pointing to the ASA's inside address. The below should give you access to Internet for any host on the 10.0.0.0 /24 range but you need to specify a DNS server for them .. you mihgt also need to type clear xlate after the below commands

nat (inside) 1 access-list Permit_All

global (outside) 1 interface

access-list Permit_All permit ip 10.0.0.0 255.255.255 any

0 Helpful

mx
Level 1
Level 1
In response to Fernando_Meza

‎08-06-2006 05:22 AM

Hi there. yes I can telnet to the inside address or anywhere else on the LAN just fine.

0 Helpful

mx
Level 1
Level 1
In response to mx

‎08-06-2006 12:18 PM

I seem to have fixed it. When using ASDM, and hitting apply, it doesnt seem to write the dhcp info correctly. I have to do the dhcpd entries from the cli. Very strange.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card