smith606306
Beginner

Cisco ASA 5505 (7.2) with public address

Can anyone help me with setting up an ASA 5505 to be used as a firewall between a BT internet router (BTNet service) and a Cisco 3560 LAN switch? BT have presented me with a Cisco 3800 series router with the following details:

Network Address     Network Mask         BTnet NTE Router LAN Address

      

There are 2 Gigabit Ethernet ports on the back of the router. Port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but I am unable to get any connection.

Attached is the config

21 REPLIES 21
Jon Marshall
VIP Community Legend

Andrew

To connect a router to an ASA you will need to use a crossover cable or put a switch in between and use straight thru cables.

Jon

Thanks Jon. BT had the interface ge0/1 port in no shutdown mode. The connection actually works with or without a crossover cable.

Andrew

Thanks for letting me know. Actually I was being a bit stupid (not an uncommon occurrence), as the ASA5505 has a built-in Ethernet switch so you wouldn't have needed a crossover at all.

Jon

I still cannot get it to work though. I can ping the gateway of int vl235 10.123.106.254 but nothing else.

I have also removed the route

  ' route inside 0.0.0.0 0.0.0.0 10.123.111.78 1'

Andrew

How are you testing - with ping?

Have you tried connecting to a website?

If you want to test with ping then temporarily add this to your config -

access-list out_in permit icmp any any

access-group out_in in interface outside

and retest.

Also be aware that you cannot ping the outside interface IP of the ASA from the inside, it is a security feature. But you should obviously be able to ping devices outside the ASA.

Jon

No, I can't pick up an IP address from the switch connected to port e0/2 on vlan 325.

I want the ASA to give out DHCP addresses also

Andrew

The DHCP config on your firewall is fine. Are you sure the switch port the client is connected to is in the same vlan and that the connection from the switch to the ASA is also in the right vlan?

Apologies for basic questions but your config looks fine to me.

Jon

Port e0/2 of the ASA is plugged into port fa0/1 and my laptop is plugged into Fa0/2.

interface FastEthernet0/1
 switchport access vlan 325
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 325
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 325
 switchport mode access
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan325
 ip address 10.123.106.251 255.255.255.128
 ip helper-address 10.123.106.254
 no ip route-cache
!
!

Can you run these debug commands on the ASA and try again -

debug dhcpd event

debug dhcpd packet

Jon

Jon,

I don't get any output from these debug commands.

Okay. You are sure vlan 325 exists on the switch in the vlan database?

If so can you try this on the ASA -

access-list dhcp-acl permit udp any any range 67 68

capture dhcp-cap access-list dhcp-acl interface inside

and then see if you see any packets from the capture.

Jon

VLAN 325 is definitely in the vlan database. Still get no output.

I also got this:

FSCOGLA5505-0001-1# sh dhcpd state

Context  Not Configured for DHCP

Interface outside, Not Configured for DHCP

Interface inside, Not Configured for DHCP

Interface Management, Not Configured for DHCP

FSCOGLA5505-0001-1#

Okay, I very rarely suggest this but can you save the config on the ASA, reboot and retest? It may simply be the ASA5505 has got itself into a state.

Jon

I have just added the 'dhcpd enable inside' command and I have now picked up an IP address.

I will reboot and test and let you know.

Thanks
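The fix found in this thread (the DHCP server was never enabled on the interface, which is why `sh dhcpd state` reported "Not Configured for DHCP") can be checked in a saved config before deployment. The following is an added example, not part of the original thread: `audit_dhcpd` is a hypothetical helper, and the sample config, pool range and DNS address are constructed, since the poster's attached config is not on the page.

```python
import ipaddress

# Constructed ASA 7.2-style excerpt for illustration; not the poster's attached config.
SAMPLE_CONFIG = """\
interface Vlan325
 nameif inside
 security-level 100
 ip address 10.123.106.254 255.255.255.128
!
dhcpd address 10.123.106.130-10.123.106.200 inside
dhcpd dns 192.0.2.53
"""

def audit_dhcpd(config):
    """Return findings for dhcpd pools that cannot serve leases (hypothetical helper)."""
    nets, pools, enabled, nameif = {}, {}, set(), None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            nameif = None                      # a new interface block starts
        elif words[:1] == ["nameif"] and len(words) == 2:
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif and len(words) >= 4 \
                and words[2][0].isdigit():     # skip 'ip address dhcp ...'
            nets[nameif] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words[:2] == ["dhcpd", "address"] and len(words) == 4:
            start, end = words[2].split("-")
            pools[words[3]] = (ipaddress.ip_address(start), ipaddress.ip_address(end))
        elif words[:2] == ["dhcpd", "enable"] and len(words) == 3:
            enabled.add(words[2])
    findings = []
    for ifname, (start, end) in pools.items():
        if ifname not in enabled:
            findings.append(f"{ifname}: pool defined but 'dhcpd enable {ifname}' is missing")
        net = nets.get(ifname)
        if net is None or start not in net or end not in net:
            findings.append(f"{ifname}: pool {start}-{end} is outside the interface subnet")
    for ifname in sorted(enabled - set(pools)):
        findings.append(f"{ifname}: dhcpd enabled but no 'dhcpd address' pool")
    return findings

if __name__ == "__main__":
    for finding in audit_dhcpd(SAMPLE_CONFIG):
        print(finding)
```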
