

Cisco ASA 5505 (7.2) with public address

Can anyone help me with setting up an ASA 5505 to be used as a firewall between a BT internet router (BTNet service) and a Cisco 3560 LAN switch? BT have presented me with a Cisco 3800 series router with the following details:

Network Address     Network Mask         BTnet NTE Router LAN Address


There are 2 Gigabit Ethernet ports on the back of the router. Port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but I am unable to get any connection.

Attached is the config

Jon Marshall
VIP Community Legend


To connect a router to an ASA you will need to use a crossover cable or put a switch in between and use straight thru cables.


Thanks Jon. BT had the interface ge0/1 port in no shutdown mode. The connection actually works with or without a crossover cable.


Thanks for letting me know. Actually I was being a bit stupid (not an uncommon occurrence), as the ASA5505 has a built-in ethernet switch so you wouldn't have needed a crossover at all.


I still cannot get it to work though. I can ping the gateway of int vl235 but nothing else.

I have also removed the route

  ' route inside 1'


How are you testing - with ping?

Have you tried connecting to a website?

If you want to test with ping then temporarily add this to your config -

access-list out_in permit icmp any any

access-group out_in in interface outside

and retest.

Also be aware that you cannot ping the outside interface IP of the ASA from the inside, it is a security feature. But you should obviously be able to ping devices outside the ASA.


No, I can't pick up an IP address from the switch connected to port e0/2 on vlan 325.

I want the ASA to give out DHCP addresses also


The DHCP config on your firewall is fine. Are you sure the switch port the client is connected to is in the same vlan and that the connection from the switch to the ASA is also in the right vlan?

Apologies for basic questions but your config looks fine to me.


Port e0/2 of the ASA is plugged into port fa0/1 and my laptop is plugged into Fa0/2.

interface FastEthernet0/1
 switchport access vlan 325
 switchport mode access

interface FastEthernet0/2
 switchport access vlan 325
 switchport mode access

interface FastEthernet0/3
 switchport access vlan 325
 switchport mode access

interface Vlan1
 no ip address
 no ip route-cache

interface Vlan325
 ip address
 ip helper address
 no ip route-cache



Can you run these debug commands on the ASA and try again -

debug dhcpd event

debug dhcpd packet



I don't get any output from these debug commands.

Okay. You are sure vlan 325 exists on the switch in the vlan database?

If so can you try this on the ASA -

access-list dhcp-acl permit udp any any range 67 68

capture dhcp-cap access-list dhcp-acl interface inside

and then see if you see any packets from the capture.


VLAN 325 is definitely in the vlan database. Still get no output.

I also got this

FSCOGLA5505-0001-1# sh dhcpd state

Context  Not Configured for DHCP

Interface outside, Not Configured for DHCP

Interface inside, Not Configured for DHCP

Interface Management, Not Configured for DHCP


Okay, I very rarely suggest this but can you save the config on the ASA, reboot and retest. It may simply be the ASA5505 has got itself into a state.


I have just added the 'dhcpd enable inside' command and I have now picked up an IP address.

I will reboot and test and let you know.
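
A check for the two config states that come up in this thread, as an added example (not code from the thread or from Cisco): a `dhcpd address` pool with no matching `dhcpd enable` on the same interface, and the temporary `permit icmp any any` test ACL still bound to an interface. The sample config, its addresses, and the finding names are constructed, since the poster's attached config is not on the page.

```python
# Added example: lint an ASA-style config for the two states seen in this thread.
# SAMPLE_CONFIG is constructed; the pool range and DNS address are made up.
SAMPLE_CONFIG = """\
access-list out_in permit icmp any any
access-group out_in in interface outside
dhcpd address 192.168.1.10-192.168.1.40 inside
dhcpd dns 192.168.1.1
"""


def audit(config):
    """Return sorted (finding, interface) tuples for DHCP and test-ACL issues."""
    pools, enabled = set(), set()      # interfaces with a pool / with dhcpd enabled
    icmp_acls, bound = set(), {}       # ACLs permitting all ICMP / interface -> ACL
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["dhcpd", "address"] and len(t) == 4:
            pools.add(t[3])
        elif t[:2] == ["dhcpd", "enable"] and len(t) == 3:
            enabled.add(t[2])
        elif t[:1] == ["access-list"] and t[-4:] == ["permit", "icmp", "any", "any"]:
            icmp_acls.add(t[1])
        elif t[:1] == ["access-group"] and len(t) == 5 and t[3] == "interface":
            bound[t[4]] = t[1]
    # A pool without "dhcpd enable <if>" is the state that left clients with no lease.
    findings = [("dhcp-pool-not-enabled", i) for i in pools - enabled]
    findings += [("dhcp-enabled-without-pool", i) for i in enabled - pools]
    # The ping test ACL was meant to be temporary; flag it while it is still applied.
    findings += [("icmp-any-any-bound", i) for i, acl in bound.items() if acl in icmp_acls]
    return sorted(findings)


if __name__ == "__main__":
    for finding, name in audit(SAMPLE_CONFIG):
        print(f"{finding}: interface {name}")
```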

