Solved: Re:ASA Config Help

jwood1650 · ‎03-18-2013

I just got my ASA from ebay and I cleared the config out to start fresh. But now I can't seem to get my config to give me access to the internet. Please help...

route outside 0.0.0.0 0.0.0.0 24.234.118.193 1 --> that should be my default gateway from my ISP correct?

Ver Software Version 8.0(3)6

hostname Firewall

username XXXXX password XXXX privilege 15

interface Vlan1

nameif inside

security-level 100

ip address 10.0.10.1 255.255.255.240

!

interface Vlan2

nameif outside

security-level 0

ip address 24.234.XXX.XXX 255.255.255.224

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

switchport access vlan 1

!

interface Ethernet0/2

switchport access vlan 1

!

interface Ethernet0/3

shutdown

!

interface Ethernet0/4

shutdown

!

interface Ethernet0/5

shutdown

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

shutdown

!

ftp mode passive

dns domain-lookup inside

!

dhcpd address 10.0.10.2-10.0.10.12 inside

dhcpd enable inside

!

dns domain-lookup outside

dns server-group DefaultDNS

name-server 8.8.8.8

name-server 8.8.4.4

!

pager lines 24

logging enable

logging asdm warnings

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 24.234.118.193 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

!

http server enable

!

threat-detection basic-threat

threat-detection statistics access-list

ntp server 64.147.116.229 source outside prefer

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect icmp

!

service-policy global_policy global

prompt hostname context

: end

write mem

jocamare · ‎03-18-2013

I guess you are talking about accessing to ASDM from the hosts connected to the wireless router.

You have to make sure the asa can reach the new network [the static route you mentioned] and also that it will accept HTTPS connections from that network as well.

"Http 192.168.0.0 255.255.255.0 inside"

View solution in original post

jocamare · ‎03-18-2013

Can you ping 24.234.118.193 from the asa?

Can you ping 24.234.118.193 from a host behind the asa?

Can you ping google.com from that same host? [use the name, not the IP]

jwood1650 · ‎03-18-2013

I get a No route to host when I ping the gateway.

Sent from Cisco Technical Support Android App

jocamare · ‎03-18-2013

Run a "show interface ip brief", if the outside shows as "admin down" make sure you have the "no shut" command applied on eth0/0.

jocamare · ‎03-18-2013

If it just shows as "down", make sure the cable is connected.

jwood1650 · ‎03-18-2013

I'm a idiot..............you don't even what to know what was wrong....(had my WAN pluged into e0/7 and not 0/0)....it works now...LOL thanks for the help

jocamare · ‎03-18-2013

That happens

jwood1650 · ‎03-18-2013

Routing question. I have my wireless router plugged into e0/1 how do I get access to my asa asdm from my wireless router?

Route 192.168.0.0 255.255.255.0 10.0.10.1 ???

Sent from Cisco Technical Support Android App

jocamare · ‎03-18-2013

I guess you are talking about accessing to ASDM from the hosts connected to the wireless router.

You have to make sure the asa can reach the new network [the static route you mentioned] and also that it will accept HTTPS connections from that network as well.

"Http 192.168.0.0 255.255.255.0 inside"

jwood1650 · ‎03-18-2013

that is what I thought...thanks for confirming. thanks again for the help.