Beginner ASA5500 setup help.

Kyle_McIver
Level 1

I hate to be that guy begging for help, but this is absolutely the first time I have worked on firewalling & routing at all, so I guess it is what it is. Please forgive my excessive lack of knowledge on the subject. I have an ASA5505 that I am having a difficult time getting to do what I want.

If I turn DHCP server on in my ISP router and plug a single workstation into the ASA where the workstation receives a DHCP address from the firewall (or any combination of static IP addresses within this range so long as the inside interface is not changed from the default 192.168.x.x) the out of the box config will work and the workstation can access the internet in this manner:

ISP router -> ASA -> workstation.

In this scenario the ISP router is performing the NAT from internal to public IP.


As soon as I start doing anything else to try to configure the device to fit into my internal IP scheme, nothing works right. I am trying to reconfigure the "inside" interface to the IP addressing scheme I already have set up and set the outside interface to something between the ASA and the ISP router. A simple single switched internal network gaining internet access.

I could just reconfigure my DHCP server to make everything inside work with the cisco out of the box config or let the ASA do the DHCP for the network, but at this point I want to actually learn how to manipulate this device correctly.

I've found a basic config guide from Cisco and the network diagram here is pretty much what I want:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094768.shtml#configs

http://www.cisco.com/image/gif/paws/10136/19a_update.gif

I have set the firewall up this way on a couple occasions with no success thus far.

Do I need to set up the ISP firewall in a pass through mode and let the ASA do the NAT translation? Is there something else I am missing?

Any help is appreciated.

thanks

McIver

17 Replies

Kyle

This is very strange. Have you run Ethereal on your segment to see the DHCP request and replies?

A long shot - but could it be an ARP issue (if you've changed IPs of the inside interface of the firewall to be one of the DHCP server)?

I'm guessing you now have internet connectivity? - the DHCP request should not be getting as far as the ASA - so to me it looks like an issue on the server side.

regards

Kyle,

Have you tried to turn off or disable the ASA, then test DHCP?  If it still doesn't work, you'll know for sure it's not a firewall issue.

Regards,

Jeff

jspradling wrote:

Kyle,

Have you tried to turn off or disable the ASA, then test DHCP?  If it still doesn't work, you'll know for sure it's not a firewall issue.

Regards,

Jeff

I just did this this morning when a roommate was keeping me up @ 4am. Bypassed the ASA and there was no change. Now I am thoroughly confused. The company has been running on that DHCP for over a year with zero problems, save for when my domain controller accidentally got set to receive a DHCP address. lol, oops.

Is it possible that it coincidentally went out the same day I put the firewall in?

The DHCP is on the same box as my secondary domain controller and primary DNS and both of those are working as they should.
