11-12-2010 10:31 PM - edited 03-11-2019 12:08 PM
I have an ASA 5510 with ASA version 7.0.8 and ASDM 5.2. I am not familiar with the CLI and am using the ASDM.
I have connected the ASA 5510 as follows:
DSL Modem/Router(DHCP Server : 192.168.10.x)------->ASA 5510 Ethernet 0/0(DHCP configured, security level 0, subnet 255.255.255.0)
Ethernet 0/1 (Static IP 192.168.15.1,security level 100, subnet 255.255.255.0) and Management Port (DHCP Server : 192.168.1.x, security level 100, subnet 255.255.255.0)--------->Switch--------->PC
In the above scenario, using the ASDM Ping I can ping 4.2.2.2, 192.168.15.1 and 192.168.10.3 (Ethernet 0/0), but cannot ping any using the command prompt. When connected using Ethernet 0/1, my computer shows limited connectivity and cannot connect to the ASA. Could you please explain how Ethernet 0/1 should be configured to establish connectivity with the ASA and then to have internet access? I tried to enable the DHCP server to provide an IP to the computer on Ethernet 0/1, but the ASDM gives an error: Ethernet 0/1 is a client and can not be a server.
After this I need to create a VPN between the ASA and a 3G router over IPSEC.
11-13-2010 07:15 AM
Prashant,
Oh boy! A lot on your plate - all with ASDM?
Hmm...
inside hosts--(192.168.1.x)-inside-(E0/1)ASA(E0/0)-outside-192.168.10.x---DSL modem--Internet
5 steps to configuring a firewall to provide internet access - VPN is a completely different issue. Let us not combine that with this.
1. configure inside interface
2. configure outside interface
3. configure nat/global
4. configure default route on the ASA
5. configure dhcp on the ASA
Why don't you just copy and paste these via CLI on the ASA?
(1)
conf t
int E0/1
ip address 192.168.1.1 255.255.255.0
nameif inside
sec 100
no shut
exit
(2)
int E0/0
ip add dhcp setroute
nameif outside
sec 0
no shut
exit
(3)
nat (inside) 1 192.168.10.0 255.255.255.0
global (outside) 1 int
(4)
route outside 0 0 192.168.10.x (replace x with the last octet of the router IP address)
(5)
dhcpd dns 4.2.2.2 (you can replace 4.2.2.2 with your ISP-provided DNS server IP address)
dhcpd add 192.168.1.10-192.168.1.250 inside
dhcpd enable inside
That should do it. You should get an IP address from the ASA for the inside computers. They should be able to reach the internet.
Now, if you need ASDM help you should refer to this link: http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/user.html
-KS
11-14-2010 11:48 PM
Hello
Thank you for your response.
But I continue to have the same problem.
(1)
conf t
int E0/1
ip address 192.168.1.1 255.255.255.0
After this it reports an error that E0/1 cannot overlap with the IP address and subnet of the Management Port, so I configured E0/1 to 192.168.12.1, subnet 255.255.255.0.
After this I completed the commands as you mentioned.
However, when I connect my computer to the ASA (E0/1) via the switch I can only ping 192.168.12.1 but cannot ping 192.168.10.3 (E0/0) and 192.168.10.1 (DSL modem/router).
Any suggestions please.
11-15-2010 05:09 AM
Hi Prashant,
Where is the 192.168.12.1 IP address configured? Is that the inside interface IP address?
You wouldn't be able to ping the 192.168.10.3 IP address, considering it is the outside interface IP address and you are pinging from the inside.
Please provide us the NAT configuration on the ASA and also paste the output of show xlate command on the ASA here for us to understand the issue better.
Also provide us the output of show route.
Cheers.
Avinash.
11-15-2010 05:50 AM
Hi Avinash
Yes 192.168.12.1 is the inside IP address.
The NAT configuration is as per the commands below:
nat (inside) 1 192.168.10.0 255.255.255.0
global (outside) 1 int
route outside 0 0 192.168.10.1
Result of the command in ASDM CLI: "show xlate"
0 in use, 0 most used
Result of the command in ASDM CLI: "show route"
S 0.0.0.0 0.0.0.0 [1/0] via 192.168.10.1, outside
C 192.168.1.0 255.255.255.0 is directly connected, management
C 192.168.10.0 255.255.255.0 is directly connected, outside
Regards
Prashant
11-15-2010 07:46 AM
Hi Prashant,
My guess was right.
The NAT statement is wrong.
Please add the following commands and
no nat (inside) 1 192.168.10.0 255.255.255.0
nat (inside) 1 0 0
Also, I guess the inside interface is shut down because I don't see a connected route for the inside interface.
Please check that as well and let me know how it goes.
Cheers,
Avinash.
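Added example, not part of any post in this thread: `show xlate` stayed at "0 in use" because the `nat` rule only matched sources in 192.168.10.0/24 while the inside hosts sat in 192.168.12.0/24. The Python check below flags that mismatch; the sample configuration is constructed from the values quoted in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the inside interface as renumbered in the thread,
# with the NAT rule still matching 192.168.10.0/24.
BEFORE = """\
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.12.1 255.255.255.0
nat (inside) 1 192.168.10.0 255.255.255.0
global (outside) 1 interface
"""
# Same sample with the corrected rule from the accepted answer.
AFTER = BEFORE.replace("nat (inside) 1 192.168.10.0 255.255.255.0",
                       "nat (inside) 1 0 0")

def interface_subnets(config):
    """Map nameif -> connected subnet for interfaces with a static address."""
    subnets = {}
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        name = re.search(r"^\s*nameif (\S+)", block, re.M)
        addr = re.search(r"^\s*ip address (\d[\d.]*) (\d[\d.]*)", block, re.M)
        if name and addr:
            subnets[name.group(1)] = ipaddress.ip_network(
                f"{addr.group(1)}/{addr.group(2)}", strict=False)
    return subnets

def nat_sources(config):
    """Map nameif -> source networks matched by 'nat (if) id net mask' rules."""
    sources = {}
    for ifname, net, mask in re.findall(
            r"^nat \((\S+)\) \d+ (\S+) (\S+)", config, re.M):
        # "0 0" is CLI shorthand for 0.0.0.0 0.0.0.0 (any source).
        net, mask = ("0.0.0.0" if v == "0" else v for v in (net, mask))
        sources.setdefault(ifname, []).append(
            ipaddress.ip_network(f"{net}/{mask}", strict=False))
    return sources

def untranslated(config):
    """Interfaces whose own subnet is matched by none of their nat rules."""
    subnets = interface_subnets(config)
    return [(ifname, str(subnets[ifname]), [str(n) for n in nets])
            for ifname, nets in nat_sources(config).items()
            if ifname in subnets
            and not any(subnets[ifname].subnet_of(n) for n in nets)]

if __name__ == "__main__":
    print("before:", untranslated(BEFORE))
    print("after: ", untranslated(AFTER))
```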
11-15-2010 09:02 AM
Hi Avinash
Thanks a lot, you got it working.
Now I am on to my next step of configuring a VPN. I will keep you updated.
11-16-2010 10:27 PM
Hello
I was next trying to configure IPSEC VPN between ASA 5510 and a 3G router using the VPN wizard in ASDM.
However, I am not able to configure it.
1. Is it possible to put a DDNS address in Peer IP address, because the 3G router has a dynamic IP?
2. Could you please assist with the configuration?
Regards
Prashant
11-17-2010 12:16 AM
Hi Prashant,
I think you opened a discussion in VPN section.
Let us continue there.
Cheers,
Avinash.