ASA configuration

peteb41976
Level 1

I've tried setting up the ASA 5505 multiple times. I am able to access the server from a client but cannot access the internet. As of right now, I have no need to set up a DMZ, only inside and outside interfaces. I've also tried different cables but was under the impression that the ASA had auto-sensing capabilities. What I have noticed is that the ASDM "forces" you to set up a DMZ. Any ideas on getting re-started? I'm not sure if this is a problem, but the ASA will be the only device configured between the internal network and the "outside".

Accepted Solutions

Here is a basic setup example from console

1. Remove the existing config with the command "write erase" and reboot

2. you will have a fresh box now... configure as per below example

Suppose your internal LAN is 10.0.0.0/24 and outside public IP is A.B.C.D1/24 and the default GW going towards internet is A.B.C.D2,

int f0/0

no shut

nameif Outside

security-level 0

ip address A.B.C.D1 255.255.255.0

int f0/1

no shut

nameif Inside

security-level 100

ip address 10.0.0.1 255.255.255.0

route outside 0 0 A.B.C.D2

nat (Inside) 5 0 0

global (Outside) 5 interface


I can't believe how easy that was. Many thanks. One question I have is why would I use "nat (Inside) 5 0 0" and "global (Outside) 5 interface" as opposed to "nat (Inside) 1 0 0" and "global (Outside) 1 interface"?

You can use any number you like, it's a map from a NAT source to an IP(s). You can use more than one too. I typically use one for NATing all internal users to the outside interface IP. I then use another (2 for example) for a specific mapping, like an email server.

nat (inside) 1 0 0

global (outside) 1 interface

nat (inside) 2 10.10.1.5 255.255.255.255

global (outside) 2 [public IP & mask]

Hope that helps.
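The NAT-ID pairing described in the reply above, as an added example that is not part of the original thread: a small Python check that groups `nat` and `global` statements by ID and reports any ID missing its counterpart. The sample config is constructed, `203.0.113.10` is a documentation address standing in for the "[public IP & mask]" placeholder, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the nat/global syntax used in this thread.
# NAT ID 3 deliberately has no matching global statement.
SAMPLE = """\
nat (inside) 1 0 0
global (outside) 1 interface
nat (inside) 2 10.10.1.5 255.255.255.255
global (outside) 2 203.0.113.10 netmask 255.255.255.255
nat (inside) 3 10.10.2.0 255.255.255.0
"""

# Matches "nat (ifc) ID rest" and "global (ifc) ID rest"; tolerates "nat(ifc)".
STMT = re.compile(r"^\s*(nat|global)\s*\((\w+)\)\s+(\d+)\s+(.+?)\s*$", re.I)


def pair_nat_ids(config):
    """Return (pairs, orphan_nat_ids, orphan_global_ids) for a config text."""
    nats, globals_ = defaultdict(list), defaultdict(list)
    for line in config.splitlines():
        m = STMT.match(line)
        if not m:
            continue  # not a nat/global statement
        kind, ifc, nat_id, rest = m.groups()
        if nat_id == "0":
            continue  # nat 0 is identity/exempt NAT and takes no global
        target = nats if kind.lower() == "nat" else globals_
        target[int(nat_id)].append((ifc.lower(), rest))
    # An ID translates traffic only when both halves of the map exist.
    pairs = {i: (nats[i], globals_[i]) for i in nats if i in globals_}
    orphan_nat = sorted(i for i in nats if i not in globals_)
    orphan_global = sorted(i for i in globals_ if i not in nats)
    return pairs, orphan_nat, orphan_global


if __name__ == "__main__":
    pairs, orphan_nat, orphan_global = pair_nat_ids(SAMPLE)
    for nat_id, (sources, pools) in sorted(pairs.items()):
        print(f"ID {nat_id}: {sources} -> {pools}")
    print("nat without global:", orphan_nat)
    print("global without nat:", orphan_global)
```

A `nat` ID with no matching `global` means those source addresses have no translation pool on the outside interface, which is one cause of inside hosts failing to reach the internet.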
