New Member

ASA 5550 VPN Ipsec works but not able to browse the internet

Hi,

We have set up an ASA 5550 with IPsec. When I have built up the VPN connection and then try to ping an external (internet) address it works, but when I try to browse it will not work. Is this a firewall issue on the ASA?

Thx,

Marc

8 REPLIES

Re: ASA 5550 VPN Ipsec works but not able to browse the internet

Marc-

Sounds more like a DNS issue, so let's check that first. Can you ping a site by name (ping slashdot.com)?

New Member

Re: ASA 5550 VPN Ipsec works but not able to browse the internet

Hi Collin,

I can resolve the IP address and I can ping the address. But I cannot browse.

Marc

New Member

Re: ASA 5550 VPN Ipsec works but not able to browse the internet

Hi Collin,

Further testing reveals that the ASA blocks returning traffic. I can see the traffic leaving our network to the internet and returning traffic entering our network. It stops at the ASA.

I have enclosed the config file of the ASA.

thx Marc

New Member

Re: ASA 5550 VPN Ipsec works but not able to browse the internet

Hi Collin,

I created a packet capture on the inside interface. You can see that the http traffic is returning correctly.

Marc

New Member

Re: ASA 5550 VPN Ipsec works but not able to browse the internet

Does it have something to do with NAT exempt?

New Member

Re: ASA 5550 VPN Ipsec works but not able to browse the internet

Hi, I solved the problem. I had to add a tunneled interface on the inside network.

thx,

Marc

Re: ASA 5550 VPN Ipsec works but not able to browse the internet

Marc-

Glad to hear you worked through it. Can you explain or give the command of your added tunnel interface?

New Member

Re: ASA 5550 VPN Ipsec works but not able to browse the internet

Hi,

Yes, the command is:

route inside 0.0.0.0 0.0.0.0 137.120.xxx.xxx tunneled

Marc
