ASA5505 no route inside to outside

Discussion in 'Cisco' started by only1j, May 5, 2011.

  1. only1j


    May 5, 2011
    Likes Received:
    I needed to set up a new vlan. I thought I did everything correctly, but evidently did not. I am unable to go outside from the new vlan. I get an ip, which comes from the internal dhcp server, the interface is up, link is up. I just cannot get out. Below is part of the config. Any help greatly appreciated!!!

    Result of the command: "sh run"

    : Saved
    ASA Version 7.2(2)
    hostname NA
    domain-name NA
    enable password 3AdZPyMAFzf9RNMm encrypted
    interface Vlan1
    nameif inside
    security-level 100
    ip address
    interface Vlan2
    nameif outside
    security-level 0
    ip address
    interface Vlan12
    no forward interface Vlan1
    nameif new vlan
    security-level 100
    ip address
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    switchport access vlan 12
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    passwd 3AdZPyMAFzf9RNMm encrypted
    ftp mode passive
    dns server-group DefaultDNS
    domain-name NA
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu new vlan 1500
    ip local pool nana_POOL mask
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-522.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1
    nat (new vlan) 0 access-list new vlan_nat0_outbound
    access-group outside_access_in in interface outside
    route outside 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    no eou allow clientless
    group-policy nana internal
    group-policy nana attributes
    dns-server value
    vpn-tunnel-protocol IPSec
    ipsec-udp enable
    split-tunnel-policy tunnelall
    split-tunnel-network-list value nana_splitTunnelAcl_1
    default-domain value NA
    nac-default-acl value nana
    client-firewall none
    url-list value nana
    group-lock value nana
    vpn-group-policy nana
    dhcpd enable new vlan

    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect pptp
    service-policy global_policy global
    url-list nana "nana" 1
    prompt hostname context
    : end
    only1j, May 5, 2011
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.