ASA-5510 Outbound traffic Issues


  • ASA-5510 Outbound traffic Issues

    I have a new ASA-5510 appliance. Ran through with the wizard to create External and Internal interfaces. The problem is, I cannot seem to get internal clients to hook outside. I cannot even ping the external interface!

    Based on the documentation, internal clients should, BY DEFAULT, be immediately able to access the Internet. Rules are supposed to be done afterwards to control this DEFAULT OPEN ACCESS.

    My ISP can ping my external interface but I cannot from inside.

    Am I missing anything? Please help.

    Thanks in advance guys!

  • #2
    Re: ASA-5510 Outbound traffic Issues

    As it is set up you cannot ping the external IP address from an inside host. That is normal so don't worry.
    You should be able to log onto it though and test you can ping public IP addresses and internal hosts. If that works then you are likely missing a NAT / Global statement.
    Can you log onto it and post the config?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?



    • #3
      Re: ASA-5510 Outbound traffic Issues

      Thanks for the swift reply, Andy.

      I cannot ping anything beyond my internal interface. I was told by the ISP tech that I should be able to ping the gateway but I cannot.

      As per your question, I can log in via ASDM. Not that much of a net techie. How do I extract the config, please?

      Thanks again!



      • #4
        Re: ASA-5510 Outbound traffic Issues

        Can you try telnetting to the device? I'm afraid I don't use the ASDM so not sure what to say for that but the commands are:
        telnet 1.1.1.1
        config terminal
        write terminal

        1.1.1.1 is the internal IP and you will likely need to supply passwords

        You may/may not be able to ping the router at the other side of the device.
        Do you have link lights for both interfaces?
        I think you said your ISP could ping the ASA? That sounds unlikely, do they mean they can ping their router?

        If you can telnet onto the ASA then you should be able to try pinging the router, a public IP and then an internal IP and see what does/doesn't work.
        cheers
        Andy



        • #5
          Re: ASA-5510 Outbound traffic Issues

          Once you connect to the ASDM you should be able to pick "Show running config in a window" from the File menu.

          Copy and paste it into Notepad and edit anything you don't want us to see, then post it.

          Hobie



          • #6
            Re: ASA-5510 Outbound traffic Issues

            Will have to remember that, thanks Hobie. Never used ASDM or PDM.
            cheers
            Andy



            • #7
              Re: ASA-5510 Outbound traffic Issues

              Andy -

              It's kinda sad, but I learned on the GUI.. now I'm going back and trying to figure out the CLI..

              Hobie



              • #8
                Re: ASA-5510 Outbound traffic Issues

                jrdebug - any luck?

                Hobie - not sad at all. I use Windows all the time and that is GUI (mainly)!
                cheers
                Andy



                • #9
                  Re: ASA-5510 Outbound traffic Issues

                  By default the ASA will allow connections from a higher security level to a lower security level. I feel you must have set the internal users to have a higher security level of 100, while the outside will have a sec-level of 0. Then you use your NAT statement to hide your internal address scheme, then create an access-list that would allow traffic back to the internal users. Apply this ACL to the interface; it should work.
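
An added example, not part of the original thread and not any poster's configuration: the pieces the replies point at (security levels, the NAT / global pair, and a path for ping replies to return), written in the pre-8.3 ASA syntax that pairs `nat` with `global`. Interface names, the NAT ID and all addresses (documentation ranges) are assumptions.

```cisco
! Assumed addressing: inside 192.168.1.0/24, outside 203.0.113.0/30
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! The "NAT / Global statement" pair: traffic from any inside source
! (NAT ID 1) is port-translated to the outside interface address.
! A nat line without a global line using the same ID translates nothing.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
!
! Default route towards the ISP gateway (assumed 203.0.113.1)
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!
! TCP and UDP replies return through the stateful connection table.
! ICMP is not tracked unless inspected, so echo replies are dropped
! at the outside interface until ICMP inspection is enabled.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Alternative to inspection: an inbound ACL limited to echo replies.
! Keep it this narrow rather than permitting all ICMP from outside.
! access-list outside_in extended permit icmp any any echo-reply
! access-group outside_in in interface outside
!
! Checks to run from the ASA CLI after applying the configuration:
!   show running-config nat
!   show running-config global
!   show xlate
!   packet-tracer input inside icmp 192.168.1.10 8 0 203.0.113.1
```

`packet-tracer` reports which phase (route lookup, NAT, access list) drops the simulated packet, which separates a missing translation from a routing or ACL problem.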
