ASA 5505 cannot ping Internet hosts by name?

From my internal XP client I can ping hosts by IP address but not by name. I also cannot surf the web since name resolution does not work. My XP client's default gateway and DNS setting points to 10.1.1.1, which is the inside interface of the ASA.

My config is below, anyone? Thanks!

ASA Version 8.0(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password xxxxxxxxxxx encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group bellsouth
 ip address pppoe setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxxxxxxxxxx encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit intra-interface
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 65.14.x.x
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.1.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group bellsouth request dialout pppoe
vpdn group bellsouth localname snipped-for-privacy@bellsouth.net
vpdn group bellsouth ppp authentication pap
vpdn username snipped-for-privacy@bellsouth.net password ********* store-local
dhcpd auto_config outside
!
dhcpd address 10.1.1.2-10.1.1.33 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
  inspect dns preset_dns_map
!
service-policy global_policy global
prompt hostname context
:end

gipper

Hi gipper

I'm not 100% sure, but I think the PIX/ASA can't act as a DNS server. I also took a look in the documentation, but I can't find any hint about it. If I'm right, you must specify the DNS server from your internal server (if you have one) or give the DNS servers from your ISP:

dhcpd dns 198.162.11.2 198.162.11.3

cu

googlegroups

Point your clients at a DNS server and then DNS resolution should work. The ASA is not a DNS server.

Chris.

Chris

For your setup to work, BellSouth needs to provide their DNS server info as part of PPP info

the

I do not have access to an ASA 5505 so cannot provide the appropriate show or debug commands.

As an interim measure, config a "dhcpd dns" command manually

NameServer: AUTH-DNS.ASM.BELLSOUTH.NET 205.152.37.24
NameServer: AUTH-DNS.MIA.BELLSOUTH.NET 205.152.144.24
NameServer: AUTH-DNS.MSY.BELLSOUTH.NET 205.152.132.24

Ping the above BellSouth DNS server IP addresses to see which BellSouth DNS server responds the fastest from where you are.

dhcpd dns < insert BellSouth DNS server IP address here > interface inside

Then renew your DHCP lease on your PC and check the output of ipconfig /all to see if the PC was given the DNS server IP address that you manually configured on the ASA.

If so you should be able to ping by name

Then you can work on the original problem of getting DNS info passed automatically PPPoE -> ASA DHCP server -> PC (DHCP client)

Merv
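
An added example, not part of the original thread: a small Python check over a saved running-config that reports, for each DHCP-enabled interface, whether clients get DNS servers from an explicit `dhcpd dns` line or only through `dhcpd auto_config`, the dependency that failed for the original poster. The function name, status strings and sample config are constructed for illustration, and the rule that an explicit `dhcpd dns` entry wins over auto-configured values is an assumption about ASA behaviour.

```python
import re

# Constructed sample: the DHCP-related lines of a config like the one posted above.
SAMPLE_CONFIG = """\
dhcpd auto_config outside
dhcpd address 10.1.1.2-10.1.1.33 inside
dhcpd enable inside
"""

DNS_RE = re.compile(r"dhcpd dns ((?:\d+\.\d+\.\d+\.\d+\s*)+)(?:interface (\S+))?$")

def audit_dhcpd_dns(config):
    """Map each 'dhcpd enable' interface to (status, dns_servers)."""
    global_dns, per_if_dns, enabled, auto_from = [], {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            if m.group(2):          # "dhcpd dns <ip> interface <name>"
                per_if_dns[m.group(2)] = m.group(1).split()
            else:                   # global "dhcpd dns <ip> [<ip>]"
                global_dns = m.group(1).split()
        elif line.startswith("dhcpd enable "):
            enabled.append(line.split()[2])
        elif line.startswith("dhcpd auto_config "):
            auto_from = line.split()[2]
    report = {}
    for ifname in enabled:
        # Assumption: an explicit dhcpd dns entry wins over auto_config values.
        servers = per_if_dns.get(ifname) or global_dns
        if servers:
            report[ifname] = ("static", servers)
        elif auto_from:
            # Clients get DNS only if the upstream side actually supplies it.
            report[ifname] = ("depends-on-" + auto_from, [])
        else:
            report[ifname] = ("none", [])
    return report

if __name__ == "__main__":
    print(audit_dhcpd_dns(SAMPLE_CONFIG))
    fixed = SAMPLE_CONFIG + "dhcpd dns 205.152.37.24 interface inside\n"
    print(audit_dhcpd_dns(fixed))
```
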

Guys, sorry I didn't explain it better, I'm not trying to make the ASA act as DNS, just trying to get it to pass through the DNS info from my ISP. Merv hit it on the head. What baffles me is that I had the entry checked in ASDM to enable DHCP auto configuration from interface outside, but that didn't seem to work? For some reason the ASA refuses to pass my BellSouth DNS server info to internal DHCP clients. My D-Link did this without an issue. Anyway, adding dhcpd dns x.x.x.x worked! I can't tell you how many hours I've spent troubleshooting this. Thank you Merv!!!!

gipper

OP,

okay glad the workaround helped you out.

Now to get to the root cause of your issue.

Need to find out if BellSouth is passing the DNS server info via PPP

see Cisco docs "Configuring DHCP, DDNS, and WCCP Services"


For example, to assign the range 10.0.1.101 to 10.0.1.110 to hosts connected to the inside interface, enter the following commands:

hostname(config)# dhcpd address 10.0.1.101-10.0.1.110 inside
hostname(config)# dhcpd dns 209.165.201.2 209.165.202.129
hostname(config)# dhcpd wins 209.165.201.5
hostname(config)# dhcpd lease 3000
hostname(config)# dhcpd domain example.com
hostname(config)# dhcpd enable inside

Try the command "show ip address outside pppoe" to see if, besides displaying the IP address assigned during PPP negotiations, it also shows DNS server info.

could also try

debug pppoe event
debug pppoe packet

Need to clear the interface or disconnect the outside interface and then reconnect to trigger PPP to restart.

So let's get to the point that you know you are getting the DNS server info dynamically via PPP and then we can go from there.

Anyone knowing the correct ASA show commands for this please jump in.

Merv

Merv
