config firewall 5512

macboy276
Level 3

Hi, 

I am trying to configure my new firewall 5512. Here is how I configured it, and I am not getting out to the internet.

My internet service provider also has a Cisco firewall placed on premise, which has the following configuration.


interface GigabitEthernet0/0
 description Outside Interface
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 14.15.14.7 255.255.255.252
!
interface GigabitEthernet0/1
 description Inside Interface
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 13.15.13.1 255.255.255.0
!

I have configured my local firewall with the following configuration.

!
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0 
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 13.15.13.60 255.255.255.0 
!
route outside 13.15.13.0 255.255.255.0 13.15.13.1 1

I have configured a local computer with the following settings:

192.168.10.32

255.255.255.0

192.168.10.1

What else is needed to get out to the internet?

 

 

5 Replies

Jon Marshall
Hall of Fame

object-group network <OBJ-NAME> 
network-object 192.168.10.0 255.255.255.0

nat (inside,outside) after-auto source dynamic <OBJ-NAME> interface

Jon

Jon Marshall
Hall of Fame

Just noticed that your route needs changing, i.e. it should be -

route outside 0.0.0.0 0.0.0.0 <ISP next hop IP>

Also the previous post was to translate your private IPs to your public IP on the outside interface of your ASA.

Are you sure the ISP firewall is not doing the translations for you?

If they are then you don't need the NAT setup.

Jon
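
An offline check for the two problems diagnosed in the replies above: a static route that only covers the already-connected outside subnet instead of a default route, and a private inside network with no NAT towards outside. This is an added example, not code from the thread's participants or from Cisco; `parse` and `audit` are hypothetical helper names, and the embedded sample is the question's local ASA config.

```python
import ipaddress

# Constructed sample: the local ASA config as posted in the question above.
SAMPLE = """\
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 13.15.13.60 255.255.255.0
!
route outside 13.15.13.0 255.255.255.0 13.15.13.1 1
"""

def parse(config):
    """Return ({nameif: IPv4Interface}, [(nameif, network, gateway)], [nat lines])."""
    ifaces, routes, nats, name = {}, [], [], None
    for line in config.splitlines():
        w = line.split() or ["!"]            # treat blank lines like separators
        if w[0] == "interface":
            name = None                      # new block, nameif not seen yet
        elif w[0] == "nameif":
            name = w[1]
        elif w[:2] == ["ip", "address"] and name:
            ifaces[name] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[0] == "route":
            routes.append((w[1], ipaddress.ip_network(f"{w[2]}/{w[3]}"), w[4]))
        elif w[0] == "nat":
            nats.append(line.strip())
    return ifaces, routes, nats

def audit(config, egress="outside"):
    """List reasons why hosts behind this ASA may not reach the internet."""
    ifaces, routes, nats = parse(config)
    findings = []
    if not any(i == egress and net.prefixlen == 0 for i, net, _ in routes):
        findings.append(f"no default route on {egress}")
    for i, net, _ in routes:
        if i in ifaces and net == ifaces[i].network:
            findings.append(f"route to {net} duplicates connected network on {i}")
    for i, addr in ifaces.items():
        has_nat = any(n.startswith(f"nat ({i},{egress})") for n in nats)
        if i != egress and addr.network.is_private and not has_nat:
            findings.append(f"{addr.network} on {i} is private with no NAT to {egress}")
    return findings
```

The NAT finding only matters when the upstream device is not translating the private range, which is the condition raised in the reply above.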

Thanks, it works. I also added NAT because the ISP was not doing NAT.

Now I have a DMZ:


interface GigabitEthernet0/2
 nameif DMZ
 security-level 10
 ip address 192.168.20.1 255.255.255.0 

!

What should I do so it works? I have four to five servers in the DMZ.

Do I need to create a NAT or route for this too?

 

You don't need a route but it depends on what you want to do with those servers.

Are you wanting to provide access to the internet for these servers or do you want to allow internet access to them on certain ports?

Jon

The following is the config from the old firewall.

We host a web server and we want it to be available on the internet.

static (dmz,outside) 13.15.13.14 WEB netmask 255.255.255.255

static (inside,dmz) 192.168.2.73 Email_DNS netmask 255.255.255.255

static (inside,dmz) 192.168.2.77 serverex2 netmask 255.255.255.255

static (dmz,outside) 13.15.13.13 192.168.20.13 netmask 255.255.255.255

static (dmz,outside) 13.15.13.15 192.168.2.101 netmask 255.255.255.255

static (inside,dmz) 192.168.20.10 sIMS1 netmask 255.255.255.255

static (inside,dmz) 192.168.20.11 SEEX2 netmask 255.255.255.255

 

 

global (dmz) 1 192.168.20.21 netmask 255.255.255.255

global (dmz) 3 192.168.20.23 netmask 255.255.255.255

global (dmz) 4 192.168.20.24 netmask 255.255.255.255

global (dmz) 5 192.168.20.25 netmask 255.255.255.255

 

nat (dmz) 0 access-list dmz_nat0_outbound

nat (dmz) 2 DMZ_Subnet 255.255.255.0

 
