ASA 5505 internet connectivity

Hi,

I am new to the Cisco world, so any support/patience would be appreciated. I have been having a hell of a time trying to get internet to the inside laptop through this ASA.

I have basically started fresh, from a clean image. We bought these with the expectation that we would be able to configure them using the GUI for what we need, which up till this point doesn’t seem to be the case.

I will tell you how I have this setup. I have our ADSL going to a modem acting as a bridge with a static IP supplied by the ISP. If I connect a laptop to that modem and set the static IP on the laptop, I get internet access fine.

So I then connect the modem to ethernet0/0 and the laptop to ethernet 0/1

I connect to the ASDM and run the startup wizard with the following:

· Outside ip : 87.87.87.87 255.255.252.0 (this works on the lappy straight to the modem)
· Inside ip : 192.168.10.1 255.255.255.0
· No dmz
· I am enabling DHCP server on the inside interface (although I don’t need this I just want to see the internet work through this ASA so thought this might be the easiest option) with a DHCP pool 192.168.10.5-200 and checked the box to “enable auto-configuration from interface: outside”
· Using PAT to the Outside interface IP

So I was thinking it should all be pretty simple.

Click Finish, it goes off and does its thing, comes back and then I release and renew IP on laptop, it picks up an IP address in the new range, but still no net. I try running it a few times, it just says no changes were made. Am I missing something? I thought this should be as easy as that with this very simple configuration I am using.

Below is my running config, obviously nothing looks too shocking so anything you could do to help me out would be greatly appreciated.

ciscoasa# show running-config
: Saved
:
ASA Version 8.3(1)
!
hostname ciscoasa
domain-name AltusWPASA
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 87.87.87.87 255.255.252.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name WPASA
object network obj_any
 subnet 0.0.0.0 0.0.0.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic any interface
!
object network obj_any
 nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 87.87.87.87 1
route outside 0.0.0.0 0.0.0.0 87.87.87.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.10.5-192.168.10.200 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd auto_config outside interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:66dbe3d7ce61aa3bfcea837a5b72583c
: end
ciscoasa#

Cheers,

Simon Cassar

1 ACCEPTED SOLUTION

Cisco Employee

Re: ASA 5505 internet connectivity

Hi Simon,

87.87.87.87 is the outside IP of the ASA, right? Could you remove the following command:

route outside 0.0.0.0 0.0.0.0 87.87.87.87 1

Let me know.

Regards,

Anu

P.S. Please mark the issue as resolved if it has been answered. Do rate helpful posts.

Beginner

Re: ASA 5505 internet connectivity

That worked Anu. I guess coz I am using the ADSL router as a bridge, I needed to set the route to the ISP's gateway IP. Having the route set to the outside IP does not work I take it.

Thanks a lot for your help mate. Much appreciated.
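
The misconfiguration resolved in this thread can be caught mechanically. The following is an added example, not code from the posters or from Cisco: a small Python check that reads the `interface` and `route` lines of a running-config and flags static routes whose next hop is the ASA's own interface address or lies outside that interface's subnet. The function name `audit_routes` is hypothetical, and it assumes statically addressed interfaces written as `ip address <ip> <mask>`.

```python
import ipaddress
import re

# Excerpt of the running-config posted above, trimmed to the lines the check needs.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.10.1 255.255.255.0
interface Vlan2
 nameif outside
 ip address 87.87.87.87 255.255.252.0
route outside 0.0.0.0 0.0.0.0 87.87.87.87 1
route outside 0.0.0.0 0.0.0.0 87.87.87.1 1
"""

def audit_routes(config):
    """Return (route_line, problem) pairs for static routes with an unusable next hop."""
    interfaces = {}   # nameif -> ipaddress.IPv4Interface
    nameif = None
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None                     # new interface stanza, name not seen yet
        m = re.fullmatch(r"nameif (\S+)", line)
        if m:
            nameif = m.group(1)
            continue
        m = re.fullmatch(r"ip address (\d[\d.]+) (\d[\d.]+)", line)
        if m and nameif:
            interfaces[nameif] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
            continue
        m = re.fullmatch(r"route (\S+) (\S+) (\S+) (\S+)(?: \d+)?", line)
        if not m:
            continue
        ifname, gateway = m.group(1), ipaddress.IPv4Address(m.group(4))
        iface = interfaces.get(ifname)
        if iface is None:
            findings.append((line, f"no address configured on interface '{ifname}'"))
        elif gateway == iface.ip:
            findings.append((line, "next hop is the ASA's own interface address"))
        elif gateway not in iface.network:
            findings.append((line, f"next hop is not on {iface.network}"))
    return findings

if __name__ == "__main__":
    for route, problem in audit_routes(SAMPLE_CONFIG):
        print(f"{route}\n  -> {problem}")
```

Run against the posted config, it reports only the `87.87.87.87` route, the one the accepted answer removes; the route via `87.87.87.1` passes because that address is a different host on the outside subnet.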