cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
698
Views
0
Helpful
8
Replies

ASA 5550 VPN Ipsec works but not able to browse the internet

MJonkers
Level 1
Level 1

Hi,

We have setup an asa 5550 with ipsec. When I have build up the vpn connection and then try to ping a external (internet) address it works but when I try to browse it will not work. Is this an firewall issue on the ASA?

Thx,

Marc

8 Replies 8

Collin Clark
VIP Alumni
VIP Alumni

Marc-

Sounds more like a DNS issue, so let's check that first. Can you ping a site by name (ping slashdot.com)?

Hi Collin,

I can resolve the ip address and i can ping the address. But I cannot browse.

Marc

Hi Collin,

Futher testing reveals that the asa blocks returning traffic. I can see the traffic leaving our network to the internet and returning traffic entering our network. It stops at the asa.

I have enclosed the config file of the asa.

thx Marc

Hi Collin,

I created a packet capture on the inside interface. You can see that the http traffic is returning correctly.

Marc

Has it something to do with nat exempt?

Hi, I solved the problem. I had to add a tunneled interface on the inside network.

thx,

Marc

Marc-

Glad to hear you worked through it. Can you explain or give the command of your added tunnel interface?

Hi,

yes the command is:

route inside 0.0.0.0 0.0.0.0 137.120.xxx.xxx tunneled

Marc

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: