Solved: Re: Cisco ASA 5505 configuration

slesseni14 · ‎01-04-2012

Hi,

I have configured cisco ASA 5505 but I can't get access to internet using my laptop connected to the ASA. I did not use the console but the graphical interface for the configuration. I changed the inside adress of the ASA and it is 192.168.2.1. From the inside I can't ping the material in outside and from outside I can't ping the laptop connected to the ASA.

Here is my configuration:

Result of the command: "show running-config"

: Saved

:

ASA Version 8.2(5)

!

hostname xxxxxxxxxxxxxxxxx

domain-name xxxxxxxxxxxxxxxxxxx

enable password xxxxxxxxxxxxxx encrypted

passwd xxxxxxxxxxxxxxxxxxxx encrypted

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.2.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 192.168.1.48 255.255.255.0

!

ftp mode passive

dns server-group DefaultDNS

domain-name processia.com

access-list outside_access_in extended permit ip any any

access-list icmp_out_in extended permit icmp any any

access-list inside_access_in extended permit ip any any

pager lines 24

logging asdm informational

mtu inside 1500

mtu outside 1500

ipv6 access-list outside_access_ipv6_in permit ip any any

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

access-group inside_access_in in interface inside

access-group icmp_out_in in interface outside

access-group outside_access_ipv6_in in interface outside

route outside 0.0.0.0 0.0.0.0 192.168.1.48 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 192.168.1.0 255.255.255.0 inside

http 192.168.2.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside

!

dhcpd address 192.168.2.2-192.168.2.129 inside

dhcpd dns 80.10.246.2 80.10.246.129 interface inside

dhcpd ping_timeout 5000 interface inside

dhcpd domain xxxxxxxxxxxxxxxxx interface inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

!

policy-map global_policy

!

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:7e6f35db321b722ca60009b0c0dc706e

: end

Thank you for your help

mirober2 · ‎01-04-2012

Hi Sylla,

The static route you have configured for Internet access needs to be corrected:

route outside 0.0.0.0 0.0.0.0 192.168.1.48 1

The next hop address should be your ISP's gateway IP address and not the ASA's outside interface IP. Currently, both are configured for 192.168.1.48.

-Mike

View solution in original post

mirober2 · ‎01-04-2012

Hi Sylla,

The static route you have configured for Internet access needs to be corrected:

route outside 0.0.0.0 0.0.0.0 192.168.1.48 1

The next hop address should be your ISP's gateway IP address and not the ASA's outside interface IP. Currently, both are configured for 192.168.1.48.

-Mike

mobilemarthayward · ‎01-08-2012

This is your default route. You can also use ASDM and check mark (in WAN connection) to obtain default route and apply the config. You can also use outside interface instead of ip address.