ASA 5510 Problem Accessing Internet

  • ASA 5510 Problem Accessing Internet


    I configured my ASA 5510 with a T1 and I can ping public domains successfully from my firewall, but from my LAN I cannot access the Internet. Below is my configuration. Please help me:

    matyonkers(config)# sh run
    : Saved
    ASA Version 8.2(1)
    hostname matyonkers
    enable password YjMKbtBBW1l0zqdk encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    interface Ethernet0/0
    description Linea Externa
    nameif Externa
    security-level 100
    ip address
    interface Ethernet0/1
    nameif Interna
    security-level 0
    ip address 10.1.x.x
    interface Ethernet0/2
    no nameif
    security-level 0
    no ip address
    interface Ethernet0/3
    no nameif
    security-level 0
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address
    ftp mode passive
    dns domain-lookup Externa
    dns domain-lookup Interna
    dns server-group PublicDns
    dns-group PublicDns
    access-list Externa_access_in extended permit ip any any
    access-list Interna_access_in extended permit ip any any
    access-list Externa_cryptomap extended permit ip any any
    access-list Externa_access_in_1 exten
    access-list Externa_access_in_1 extended permit tcp any any eq https
    access-list Externa_access_in_1 extended permit tcp any any eq www
    access-list Interna_access_in_1 extended permit ip any any
    access-list Externa_access_out extended permit ip any any
    pager lines 24
    logging asdm informational
    mtu Externa 1500
    mtu Interna 1500
    mtu management 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (Externa) 101
    global (Externa) 101 interface
    nat (Externa) 0
    nat (management) 101
    access-group Externa_access_in_1 in interface Externa
    access-group Externa_access_out out interface Externa
    access-group Interna_access_in_1 in interface Interna
    route Externa 1
    route Interna 10.1.x.x 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http management
    http Externa
    no snmp-server location
    no snmp-server contact
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map Externa_map0 1 match address Externa_cryptomap
    crypto map Externa_map0 1 set peer
    crypto map Externa_map0 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-
    crypto isakmp policy 5
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address Externa
    dhcpd dns interface Externa
    dhcpd enable Externa
    dhcpd address management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    username admin password eY/fQXw7Ure8
    tunnel-group type ipsec-l2l
    tunnel-group ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    message-length maximum 512
    message-length maximum client auto
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    service-policy global_policy global
    prompt hostname context
    : end

  • #2
    Re: ASA 5510 Problem Accessing Internet

    Your nat and global commands don't have the same nat id. The id is what binds the internal nat command to the global.

    global (Externa) 101
    global (Externa) 101 interface
    nat (Externa) 0

    should be nat (inside) 1
    global (outside) 1

    Assuming you use nat id 1 and your interfaces are named inside and outside
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
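
Added example, not part of the thread and not Cisco tooling: a small Python check for the nat/global ID binding described in reply #2, written for the pre-8.3 `nat`/`global` syntax used in the posted 8.2(1) config. The sample input is constructed from the NAT-related lines of the post; the function name `audit_nat` and the choice of `Externa` as the egress interface are assumptions.

```python
import re

# Constructed sample: the NAT-related lines of the posted config. Addresses were
# already stripped in the post, so anything after the NAT id is ignored.
POSTED = """\
interface Ethernet0/0
 nameif Externa
interface Ethernet0/1
 nameif Interna
interface Management0/0
 nameif management
global (Externa) 101
global (Externa) 101 interface
nat (Externa) 0
nat (management) 101
"""

NAMEIF = re.compile(r"^\s*nameif\s+(\S+)")
RULE = re.compile(r"^\s*(nat|global)\s+\((\S+?)\)\s+(\d+)\b")

def audit_nat(config, egress):
    """Map each named interface to a finding about its nat/global binding."""
    names, nat_ids, global_ids = [], {}, {}
    for line in config.splitlines():
        if m := NAMEIF.match(line):
            names.append(m.group(1))
        elif m := RULE.match(line):
            table = nat_ids if m.group(1) == "nat" else global_ids
            table.setdefault(m.group(2), set()).add(int(m.group(3)))
    pool_ids = global_ids.get(egress, set())  # ids that have a global on egress
    findings = {}
    for ifc in names:
        ids = nat_ids.get(ifc, set())
        if ifc == egress:
            if ids:  # nat is applied where traffic enters, not where it leaves
                findings[ifc] = f"nat id {sorted(ids)} set on the egress interface"
        elif not ids:
            findings[ifc] = "no nat statement"
        elif ids & pool_ids:
            findings[ifc] = f"ok: nat id {sorted(ids & pool_ids)} bound to global ({egress})"
        elif ids == {0}:
            findings[ifc] = "nat 0 only (traffic is not translated)"
        else:
            findings[ifc] = f"nat id {sorted(ids)} has no global on {egress}"
    return findings

if __name__ == "__main__":
    for ifc, finding in audit_nat(POSTED, "Externa").items():
        print(f"{ifc}: {finding}")
```

On the posted lines this flags `Interna` as having no nat statement, while `management` is the only interface whose id (101) matches the global on `Externa`.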