01-09-2010 03:16 PM - edited 03-11-2019 09:55 AM
I hate to be that guy begging for help, but this is absolutely the first time I have worked on firewalling & routing at all so I guess it is what it is. Please forgive my excessive lack of knowledge on the subject. I have an ASA5505 that I am having a difficult time getting to do what I want.
If I turn DHCP server on in my ISP router and plug a single workstation into the ASA where the workstation receives a DHCP address from the firewall (or any combination of static IP addresses within this range so long as the inside interface is not changed from the default 192.168.x.x) the out of the box config will work and the workstation can access the internet in this manner:
ISP router -> ASA -> workstation.
In this scenario the ISP router is performing the NAT from internal to public IP.
As soon as I start doing anything else to try to configure the device to fit into my internal IP scheme nothing works right. I am trying to reconfigure the "inside" interface to the IP addressing scheme I already have set up and set the outside interface to something between the ASA and the ISP router. A simple single switched internal network gaining internet access.
I could just reconfigure my DHCP server to make everything inside work with the cisco out of the box config or let the ASA do the DHCP for the network, but at this point I want to actually learn how to manipulate this device correctly.
I've found a basic config guide from Cisco and the network diagram here is pretty much what I want:
I have set the firewall up this way on a couple occasions with no success thus far.
Do I need to set up the ISP firewall in a pass through mode and let the ASA do the NAT translation? Is there something else I am missing?
Any help is appreciated.
Thanks
McIver
01-13-2010 01:54 AM
Kyle
This is very strange. Have you run Ethereal on your segment to see the DHCP request and replies?
A long shot, but could it be an ARP issue (if you've changed IPs of the inside interface of the firewall to be one of the DHCP server)?
I'm guessing you now have internet connectivity? The DHCP request should not be getting as far as the ASA, so to me it looks like an issue on the server side.
Regards
01-13-2010 08:17 AM
Kyle,
Have you tried to turn off or disable the ASA, then test DHCP? If it still doesn't work, you'll know for sure it's not a firewall issue.
Regards,
Jeff
01-13-2010 12:05 PM
jspradling wrote:
Kyle,
Have you tried to turn off or disable the ASA, then test DHCP? If it still doesn't work, you'll know for sure it's not a firewall issue.
Regards,
Jeff
I just did this this morning when a roommate was keeping me up @ 4am. Bypassed the ASA and there was no change. Now I am thoroughly confused. The company has been running on that DHCP for over a year with zero problems, save for when my domain controller accidentally got set to receive a DHCP address. lol, oops.
Is it possible that it coincidentally went out the same day I put the firewall in?
The DHCP is on the same box as my secondary domain controller and primary DNS and both of those are working as they should.