ASA 5510 Problem Accessing Internet


    wilfredos

    Hello,

    I configured my ASA 5510 with a T1. I can ping public domains successfully from the firewall itself, but I cannot access the Internet from my LAN. Below is my configuration. Please help me:

    matyonkers(config)# sh run
    : Saved
    :
    ASA Version 8.2(1)
    !
    hostname matyonkers
    ! NOTE(review): the next two lines publish the device's stored enable and login
    ! password values in a public post. Redact them before sharing a config, and change
    ! both passwords on the device, since the posted values can be guessed at offline.
    enable password YjMKbtBBW1l0zqdk encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    !
    ! NOTE(review): Ethernet0/0 carries the public 199.27.204.xxx address (the T1 side,
    ! per the post) yet is given security-level 100, the most trusted level, while
    ! Interna below is 0. The usual ASA convention is the reverse: Internet-facing
    ! interface at 0, LAN at 100. As written, the firewall treats the Internet side as
    ! the more trusted network.
    interface Ethernet0/0
    description Linea Externa
    nameif Externa
    security-level 100
    ip address 199.27.204.xxx 255.255.255.248
    !
    ! NOTE(review): LAN-facing interface (10.1.x.x/24) at security-level 0, the least
    ! trusted level - see the note on Ethernet0/0 about the levels looking swapped.
    interface Ethernet0/1
    nameif Interna
    security-level 0
    ip address 10.1.x.x 255.255.255.0
    !
    ! Unused port: administratively shut down, no name and no address.
    interface Ethernet0/2
    shutdown
    no nameif
    security-level 0
    no ip address
    !
    ! Unused port: administratively shut down, no name and no address.
    interface Ethernet0/3
    shutdown
    no nameif
    security-level 0
    no ip address
    !
    ! Dedicated management port; `management-only` keeps it from forwarding through-traffic.
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.100 255.255.255.0
    management-only
    !
    ftp mode passive
    ! DNS lookups by the firewall itself are enabled on both data interfaces and use the
    ! PublicDns server group defined below.
    dns domain-lookup Externa
    dns domain-lookup Interna
    dns server-group PublicDns
    name-server 209.220.118.xxx
    name-server 209.220.118.xxx
    dns-group PublicDns
    ! NOTE(review): only Externa_access_in_1, Externa_access_out and Interna_access_in_1
    ! are bound by the access-group lines later in this config. Externa_access_in and
    ! Interna_access_in are defined but not applied anywhere in the visible paste.
    access-list Externa_access_in extended permit ip any any
    access-list Interna_access_in extended permit ip any any
    ! NOTE(review): this ACL is the `match address` of crypto map Externa_map0. A crypto
    ! ACL of `permit ip any any` selects every packet for the site-to-site tunnel; it
    ! should name only the local and remote subnets that belong to the VPN. No
    ! `crypto map ... interface` line is visible in this paste, so the map may not be
    ! active - confirm on the device.
    access-list Externa_cryptomap extended permit ip any any
    ! NOTE(review): the next line is cut off in the paste ("exten"); the full entry is unknown.
    access-list Externa_access_in_1 exten
    ! NOTE(review): applied inbound on Externa. These two entries admit HTTPS and HTTP
    ! from any source to ANY destination; if the intent is to publish one server, the
    ! destination should be narrowed to that host.
    access-list Externa_access_in_1 extended permit tcp any any eq https
    access-list Externa_access_in_1 extended permit tcp any any eq www
    ! Applied inbound on Interna: every IP packet arriving from the LAN is permitted.
    access-list Interna_access_in_1 extended permit ip any any
    ! Applied outbound on Externa: every IP packet leaving through Externa is permitted.
    access-list Externa_access_out extended permit ip any any
    pager lines 24
    logging asdm informational
    mtu Externa 1500
    mtu Interna 1500
    mtu management 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    ! Global pool 101 on Externa: a range of public addresses, then the interface address
    ! itself (PAT). The `netmask` line looks like the tail of the first `global` command
    ! wrapped by the terminal, not a separate command.
    global (Externa) 101 199.27.204.xxx-199.27.204.xxx
    netmask 255.255.255.248
    global (Externa) 101 interface
    ! NOTE(review): NAT id 0 on Externa passes traffic sourced behind Externa without
    ! translation. NAT id 101 (the pool above) is attached only to hosts behind
    ! `management`. No `nat (Interna) 101 ...` line appears in this paste, so LAN hosts
    ! on 10.1.x.x have no rule translating them to a public address on Externa. That
    ! matches the reported symptom (firewall reaches the Internet, LAN does not) -
    ! confirm against the running device.
    nat (Externa) 0 0.0.0.0 0.0.0.0
    nat (management) 101 0.0.0.0 0.0.0.0
    ! ACL bindings: _1 variants inbound on Externa and Interna, plus an outbound ACL on Externa.
    access-group Externa_access_in_1 in interface Externa
    access-group Externa_access_out out interface Externa
    access-group Interna_access_in_1 in interface Interna
    ! Default route to the T1 next hop.
    route Externa 0.0.0.0 0.0.0.0 199.27.204.xxx 1
    ! NOTE(review): destination 0.0.0.0 with mask 255.255.255.0 is the prefix 0.0.0.0/24,
    ! not a LAN subnet and not a default route; this entry looks unintended. The 10.1.x.x/24
    ! network is already directly connected on Interna.
    route Interna 0.0.0.0 255.255.255.0 10.1.x.x 1
    ! Idle timers for translations and connections, by protocol.
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    ! NOTE(review): the next line is cut off in the paste after "mgcp-pat 0:".
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    ! ASDM/HTTPS management server is on; the `http` lines list who may connect to it.
    http server enable
    http 192.168.1.0 255.255.255.0 management
    ! NOTE(review): this opens the management web interface on the Internet-facing
    ! interface, limited to a single source host. Prefer managing from the management
    ! network or over a VPN, and remove this line if it is not needed.
    http 199.27.204.xxx 255.255.255.255 Externa
    no snmp-server location
    no snmp-server contact
    ! NOTE(review): ten IPsec transform sets are defined, covering every combination of
    ! DES/3DES/AES with MD5/SHA. Single DES and MD5-based integrity are obsolete; keeping
    ! them in the proposal list lets a peer negotiate down to them. Keep only the
    ! AES + SHA sets the remote side actually needs.
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    ! Site-to-site crypto map entry 1: traffic selector, peer address and offered transforms.
    ! The selector ACL Externa_cryptomap is `permit ip any any` (defined earlier in this config).
    crypto map Externa_map0 1 match address Externa_cryptomap
    crypto map Externa_map0 1 set peer 199.27.204.xxx
    ! The following three lines are one `set transform-set` command wrapped by the terminal
    ! width; it offers all ten transform sets, including the DES and MD5 ones.
    crypto map Externa_map0 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-
    AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DE
    S-MD5 ESP-DES-SHA ESP-DES-MD5
    ! IKE phase 1 policies, tried in priority order (5 before 10). Both use pre-shared-key
    ! authentication and Diffie-Hellman group 2 (1024-bit).
    crypto isakmp policy 5
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    ! NOTE(review): policy 10 offers single DES for phase 1. Remove it unless a peer
    ! strictly requires it; a stronger cipher and DH group are preferable for both policies.
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    ! NOTE(review): a console timeout of 0 means a console session never expires, so an
    ! unattended console stays logged in.
    console timeout 0
    ! NOTE(review): the DHCP server is enabled on Externa and hands out addresses from the
    ! public 199.27.204.xxx range. DHCP service normally belongs on the LAN interface;
    ! no dhcpd scope for Interna is visible in this paste. Serving leases toward the
    ! provider side is almost certainly unintended.
    dhcpd address 199.27.204.xxx-199.27.204.xxx Externa
    dhcpd dns 209.220.118.xxx 209.220.118.xxx interface Externa
    dhcpd enable Externa
    !
    dhcpd address 192.168.1.101-192.168.1.254 management
    dhcpd enable management
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    ! NOTE(review): a stored credential value for the `admin` account is published here,
    ! and the line carries no `encrypted` keyword (it may simply be truncated in the
    ! paste). Treat the account as exposed: redact the line when sharing and change the
    ! password on the device.
    username admin password eY/fQXw7Ure8
    ! LAN-to-LAN IPsec tunnel group for the peer; the device masks the pre-shared key as `*`.
    tunnel-group 199.27.204.xxx type ipsec-l2l
    tunnel-group 199.27.204.xxx ipsec-attributes
    pre-shared-key *
    !
    ! Traffic class matching the default inspection ports.
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    ! DNS inspection parameters: 512-byte maximum message length, with the client-side
    ! limit set automatically.
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    message-length maximum client auto
    ! Global inspection policy: the application inspections listed below are applied to
    ! the inspection_default class.
    ! NOTE(review): `inspect icmp` is not in this list, and the ACL applied inbound on
    ! Externa shows only TCP https/www permits, so echo replies to pings sent through
    ! the firewall would likely be dropped. A failed ping from a LAN host is therefore
    ! not a reliable test of Internet reachability with this config.
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    !
    ! Attach global_policy to all interfaces.
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:e6ac5f601be71bb02d07a11d07e5e63f
    : end
