Solved: Re: ASA 5506-X will not connect to Static IP address

dougreid · ‎02-04-2019

Configured a new ASA 5506-X for a client. It will connect to Cox Business when it is setup to pull an dynamic IP address on the outside interface. It will not connect to the static IP address that they have through Cox Business. It will not connect to the internet.

If we connect a laptop up directly to the cable modem and set the static address it will connect to the internet.

Here are the settings on the outside interface:

interface GigabitEthernet1/1
nameif outside
security-level 0
ip address xx.xx.xxx.xxx 255.255.255.224

mtu outside 1500

object network obj_any1
nat (inside_1,outside) dynamic interface
object network obj_any2
nat (inside_2,outside) dynamic interface
object network obj_any3
nat (inside_3,outside) dynamic interface
object network obj_any4
nat (inside_4,outside) dynamic interface
object network obj_any5
nat (inside_5,outside) dynamic interface
object network obj_any6
nat (inside_6,outside) dynamic interface
object network obj_any7
nat (inside_7,outside) dynamic interface

dhcpd auto_config outside

Thanks

Rob Ingram · ‎02-04-2019

@dougreid wrote:

- I tried to add a static route to the isp router but the ASA said it already existed.

I am not sure I understand this comment. The ASA would be configured with the static ip address, it would then be configured with a default route e.g. "route outside 0 0 <router ip>". What route did you add to the isp router and then why would the ASA say it already existed?

View solution in original post

Rob Ingram · ‎02-04-2019

The default route needs to be in this format - "route outside 0.0.0.0 0.0.0.0 <ISP router ip>"

The router IP is the ISP router's interface that is connected to the ASA, this interface should be pingable from the ASA itself.

View solution in original post

Rob Ingram · ‎02-04-2019

Hi,
How are you testing?
Can you ping anything on the internet from the ASA itself?
Can you please provide the output of "show route"?
Can you confirm you have a default static route on the ASA with a next-hop ip address of the isp router?
Is the ASA the default gateway for the computers of the local network?

dougreid · ‎02-04-2019

Testing

- when using DHCP to get IP address from Cox the external IP shows up in the ARP table and all computers connected to the ASA can see the internet

- When using Static IP address and subnet mask, it can see the router address xx.xxx.206.225 in the ARP table but not the static IP address.

- I will have to go to my client to get the show rout info

- I tried to add a static route to the isp router but the ASA said it already existed.

- ASA is the default gateway for the local network, 192.168.1.1

Rob Ingram · ‎02-04-2019

@dougreid wrote:

- I tried to add a static route to the isp router but the ASA said it already existed.

I am not sure I understand this comment. The ASA would be configured with the static ip address, it would then be configured with a default route e.g. "route outside 0 0 <router ip>". What route did you add to the isp router and then why would the ASA say it already existed?

dougreid · ‎02-04-2019

We saw on the web that a static route might be necessary.

Static IP setup only asked for IP address and netmask

The static route form asked for interface (outside), Network (192.168.20.1/24) and Gateway IP: xx.xx.xxx.225

Rob Ingram · ‎02-04-2019

The default route needs to be in this format - "route outside 0.0.0.0 0.0.0.0 <ISP router ip>"

The router IP is the ISP router's interface that is connected to the ASA, this interface should be pingable from the ASA itself.

dougreid · ‎02-04-2019

It is working now. Thanks for the help.