06-02-2018 04:11 PM - edited 02-21-2020 07:50 AM
Hi, 1) The following config on an ASA5520 doesn't work-unable to provide Internet access for inside hosts. 2) how to upgrade the version to 7.2, see sh flash. Kindly advise.
Topology: Comcast/Xfinity>cable modem>0 int Asa5520>1 int> dumb switch.
Thanks in advance.
ciscoasa> en
Password: *******
ciscoasa# sh flash
Initializing disk0: cache, please wait....Done.
-#- --length-- -----date/time------ path
6 5474304 Jan 01 2003 00:04:50 asa706-k8.bin
7 5823980 Jul 07 2007 00:16:32 asdm506.bin
10 8312832 Jul 20 2007 06:53:16 asa722-k8.bin
11 5623108 Jul 20 2007 06:59:44 asdm-522.bin
230121472 bytes available (25305088 bytes used)
ciscoasa# sh run
: Saved
:
ASA Version 7.0(6)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password zN4MekdmaxjRpJL9 encrypted
names
dns-guard
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address dhcp setroute
!
interface GigabitEthernet0/1
speed 1000
duplex full
nameif inside
security-level 100
ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
passwd zN4MekdmaxjRpJL9 encrypted
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
route inside 0.0.0.0 0.0.0.0 192.168.20.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username said password XYjSJ3a.RNYXN3xw encrypted
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 192.168.20.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.20.3-192.168.20.18 inside
dhcpd dns 1.1.1.1
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd auto_config outside
dhcpd enable inside
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:fd2906823d92bc8cb385c3ecff36a641
: end
ciscoasa#
06-04-2018 08:25 PM
You’re not getting an address or route via DHCP. Until you resolve that, traffic will not flow.
06-04-2018 08:35 PM
06-05-2018 03:05 AM
Let's see once again:
- show route
- show run nat
- show run access-group
06-05-2018 06:11 AM
06-05-2018 06:19 AM
As I already noted, you are not getting an address or route assigned via DHCP. That's one problem that must be resolved and is not on the ASA.
Furthermore, the output you provided shows you did not enter the NAT commands I suggested earlier.
06-07-2018 03:44 PM
06-08-2018 04:08 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide