Cannot connect to Internet

Jeffcis

IS-IT--Management
Aug 31, 2008
27
AU
Hi

For some reason my ASA 5505 router has stopped connecting to the internet. A few days ago the ADSL router stopped functioning for some reason, so it had to be replaced. So I bought a new ADSL router, configured it, and everything is working fine. I configured the ASA WAN as a DHCP client to obtain its IP from the ADSL router; its running config is shown below.

Appreciate any help.

PIX# show running-config
: Saved
:
ASA Version 7.2(3)
!
hostname TarkettPIX
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
nameif LAN
security-level 100
ip address 10.49.0.5 255.255.255.0
ospf cost 10
!
interface Vlan2
nameif WAN
security-level 0
ip address dhcp setroute
ospf cost 10
!
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list inside_access_in extended permit udp interface LAN interface WAN
access-list outside_access_out extended permit udp interface WAN interface LAN
access-list inside_access_out extended permit udp interface LAN interface WAN
access-list inside_access_out extended permit tcp interface LAN interface WAN
access-list LAN_access_in extended permit udp interface LAN interface WAN
access-list outside-in extended permit icmp any any
pager lines 24
logging asdm informational
mtu LAN 1500
mtu WAN 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (WAN) 1 interface
nat (LAN) 1 0.0.0.0 0.0.0.0
access-group LAN_access_in in interface LAN
access-group inside_access_out out interface LAN
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 10.49.0.0 255.255.255.0 LAN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface WAN
dhcpd auto_config WAN
!
dhcpd address 10.49.0.6-10.49.0.133 LAN
dhcpd enable LAN
!

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:33dfce0de2de061e11f4461fe3abd53b
: end


Jeffcis
 
no access-group LAN_access_in in interface LAN
no access-group inside_access_out out interface LAN
 
I still cannot connect; below is my latest running config.


PIX# show running-config
: Saved
:
ASA Version 7.2(3)
!
hostname PIX
domain-name default.domain.invalid
enable password ZbQo4qnRYkNuQ.12 encrypted
names
!
interface Vlan1
nameif LAN
security-level 100
ip address 10.49.0.5 255.255.255.0
ospf cost 10
!
interface Vlan2
nameif WAN
security-level 0
ip address dhcp setroute
ospf cost 10
!
interface Vlan3
no nameif
security-level 50
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/1
speed 100
duplex full
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
access-list inside_access_in extended permit tcp interface WAN interface WAN log

access-list inside_access_in extended permit udp interface LAN interface WAN
access-list outside-in extended permit icmp any any echo-reply
access-list outside-in extended permit icmp any any
access-list outside_access_out extended permit udp interface WAN interface LAN
access-list inside_access_out extended permit udp interface LAN interface WAN
access-list inside_access_out extended permit tcp interface LAN interface WAN
access-list LAN_access_in extended permit udp interface LAN interface WAN
pager lines 24
logging asdm informational
mtu LAN 1500
mtu WAN 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
nat (LAN) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 10.49.0.0 255.255.255.0 LAN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface WAN
dhcpd auto_config WAN
!
dhcpd address 10.49.0.6-10.49.0.133 LAN
dhcpd enable LAN
!

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:0fc4e95d23e17c21abc5c297efb98fb2
: end
TarkettPIX#
 
Put this back in

global (WAN) 1 interface



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Still no luck after adding the above config. I added some more access lists, but to no avail.

PIX# show running-config
: Saved
:
ASA Version 7.2(3)
!
hostname PIX
domain-name default.domain.invalid
enable password ZbQo4qnRYkNuQ.12 encrypted
names
!
interface Vlan1
nameif LAN
security-level 100
ip address 10.49.0.5 255.255.255.0
ospf cost 10
!
interface Vlan2
nameif WAN
security-level 0
ip address dhcp setroute
ospf cost 10
!
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/1
speed 100
duplex full
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list inside_access_in extended permit tcp interface WAN interface WAN log

access-list inside_access_in extended permit udp interface LAN interface WAN
access-list outside-in extended permit icmp any any echo-reply
access-list outside-in extended permit icmp any any
access-list outside_access_out extended permit udp interface WAN interface LAN
access-list inside_access_out extended permit udp interface LAN interface WAN
access-list inside_access_out extended permit tcp interface LAN interface WAN
access-list LAN_access_in extended permit udp interface LAN interface WAN
access-list LAN_access_in_1 remark Implicit rule: Permit all traffic to less secure networks
access-list LAN_access_in_1 extended permit 80 host 192.168.1.3 host 10.49.0.5
access-list LAN_access_in_1 remark Implicit rule: Permit all traffic to less secure networks
access-list LAN_access_in_1 extended permit 53 host 192.168.1.3 host 10.49.0.5
access-list LAN_access_in_1 remark Implicit rule: Permit all traffic to less secure networks
access-list LAN_access_in_1 extended permit ip host 192.168.1.3 host 10.49.0.5
access-list LAN_access_out extended permit udp host 10.49.0.5 host 192.168.1.3
access-list LAN_access_out extended permit ip host 10.49.0.5 host 192.168.1.3
access-list LAN_access_out extended permit tcp host 10.49.0.5 host 192.168.1.3
access-list WAN_access_in extended permit tcp host 192.168.1.3 host 10.49.0.5
access-list WAN_access_in extended permit udp host 192.168.1.3 host 10.49.0.5
access-list WAN_access_in extended permit ip host 192.168.1.3 host 10.49.0.5
pager lines 24
logging asdm informational
mtu LAN 1500
mtu WAN 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (WAN) 1 interface
access-group LAN_access_in_1 in interface LAN
access-group LAN_access_out out interface LAN
access-group WAN_access_in in interface WAN
route WAN 0.0.0.0 0.0.0.0 192.168.1.1 1
!
router rip
network 10.0.0.0
network 192.168.1.0
version 2
!
router ospf 100
network 10.49.0.0 255.255.255.0 area 0
network 0.0.0.0 0.0.0.0 area 0
log-adj-changes
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 10.49.0.0 255.255.255.0 LAN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface WAN
dhcpd auto_config WAN
!
dhcpd address 10.49.0.6-10.49.0.133 LAN
dhcpd enable LAN
!

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:fac72f169f8018f773772d92c1cdeece
: end
PIX#
 
Take out all of the access lists and remove the access-groups. All traffic is allowed out by default. Now take out this as well:

route WAN 0.0.0.0 0.0.0.0 192.168.1.1 1

and put this back in:
nat (LAN) 1 0.0.0.0 0.0.0.0


Why do you have RIP and OSPF running? Do you need them?


Brent
Systems Engineer / Consultant
CCNP, CCSP
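
The points raised in the replies above (matching `nat`/`global` IDs, ACLs bound with `access-group`, and a static default route next to `ip address dhcp setroute`) can be checked mechanically over a saved running-config. This is an added example, not part of the original thread; the `audit` function and its finding names are hypothetical, and the sample is constructed from lines of the third config posted above.

```python
import re

# Constructed sample: the interface, NAT, ACL-binding and route lines of the
# third running-config posted in the thread (all other lines omitted).
SAMPLE = """\
interface Vlan1
 nameif LAN
interface Vlan2
 nameif WAN
 ip address dhcp setroute
global (WAN) 1 interface
access-group LAN_access_in_1 in interface LAN
access-group LAN_access_out out interface LAN
access-group WAN_access_in in interface WAN
route WAN 0.0.0.0 0.0.0.0 192.168.1.1 1
"""

def audit(config):
    """Return (check, detail) findings for an ASA 7.x running-config."""
    findings, nat_ids, global_ids, dhcp_route_ifs = [], set(), set(), set()
    nameif = None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            nameif = None                      # start of a new interface block
        elif m := re.match(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif line == "ip address dhcp setroute" and nameif:
            dhcp_route_ifs.add(nameif)         # default route is learned via DHCP
        elif m := re.match(r"nat \(\S+\) (\d+) ", line):
            nat_ids.add(m.group(1))
        elif m := re.match(r"global \(\S+\) (\d+) ", line):
            global_ids.add(m.group(1))
        elif m := re.match(r"access-group (\S+) (in|out) interface (\S+)", line):
            # A bound ACL replaces the default policy: its entries, then implicit deny.
            findings.append(("acl-bound", "%s %s on %s" % m.groups()))
        elif m := re.match(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            if m.group(1) in dhcp_route_ifs:
                findings.append(("static-default-with-setroute", m.group(2)))
    nat_ids.discard("0")                       # nat 0 is NAT exemption, needs no global
    for pool in sorted(global_ids - nat_ids):
        findings.append(("global-without-nat", pool))
    for pool in sorted(nat_ids - global_ids):
        findings.append(("nat-without-global", pool))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(check, detail)
```

On the sample it reports the three bound ACLs, the static default route on the DHCP-routed WAN interface, and `global` pool 1 with no matching `nat` statement.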
 