Configuring Cisco ASA 5510 - VPN & Routing

BrandonWorks
Level 1

Hello, I have a 5510 and I'm trying to configure it; unfortunately Cisco thinks no one needs to use their firewall. So why am I trying to still use it? Well, it's free and I'm using it as a project. A project that's been going on for years and really has been giving me hell from the start.

 

1. I'm working with the ASA and trying to get VPN set up. I don't know what is going on, but I believe it's ZeroSSL's fault. Following the videos and online forums was not helpful when trying to set up VPN access. I don't have magic so I can't just make something that doesn’t want to work like they can. Again, I don't know if it works or not because ZeroSSL wasn't working when I was trying to verify my domain, many, many times.

So this is out.

 

2. Setting up the CA server locally also didn't work for me. Just do this, this and this and BAM, you’re done. Right? Nope. When I try to go to the page it told me to go to (it's not a person so I have to guess), it's not loading. Well, why? I don't know, it's not being helpful and I could be typing 1 thing incorrectly and I would never know.

 

3. Routing, what needs to be done to route VPN traffic, local traffic, and whatever else? I can't get internet over the interfaces it's set up for. This **bleep** thing doesn’t want to work like it's supposed to.

 

Using GUI when I can, the most available form of configuration is in the CLI when remoting into a computer via Parallels.

Current hardware configuration is office ISP ASA and then office ISP to internal office resources.

Versions: ASA 9.1(7)39 ASDM 7.9(2)152

Hardware: ASA 5510 stock, SFP and (int 1/0-1/3) extra RJ-45 expandable slot

Just tell me where we should start then we can dive into it more.

 

 

If anyone would like to offer their smarts and help me, this would be greatly appreciated!!!

2 Replies

balaji.bandi
Hall of Fame

Can you post the ASA configuration so we can look and advise?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1599 MHz

: Written by enable_15 at 11:46:40.046 CDT Mon Aug 31 2020

!

ASA Version 9.1(7)29

!

hostname sparkfish01

domain-name brandon-long.net

enable password FjuZyP9YWJlQErqH encrypted

passwd FjuZyP9YWJlQErqH encrypted

names

!

interface Ethernet0/0

nameif AT&T

security-level 1

ip address dhcp setroute

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.0.1.0 255.255.0.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.0.0

!

interface GigabitEthernet1/0

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet1/1

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet1/2

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet1/3

shutdown

no nameif

no security-level

no ip address

!

ftp mode passive

clock timezone CST -6

clock summer-time CDT recurring

dns server-group DefaultDNS

domain-name brandon-long.net

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

pager lines 24

logging asdm informational

mtu AT&T 1500

mtu inside 1500

mtu management 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

no arp permit-nonconnected

!

nat (inside,AT&T) after-auto source dynamic any interface

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

http 192.168.1.10 255.255.255.255 inside

no snmp-server location

no snmp-server contact

crypto ipsec security-association pmtu-aging infinite

crypto ca trustpoint _SmartCallHome_ServerCA

no validation-usage

crl configure

crypto ca trustpoint ASDM_TrustPoint0

enrollment terminal

subject-name CN=sparkfish01.brandon-long.net

keypair zerossl.key

crl configure

crypto ca trustpoint ASDM_TrustPoint1

enrollment self

email admin@brandon-long.net

subject-name CN=brandon-long.net,O=sparkfish,St=tx,L=dallas office

proxy-ldc-issuer

crl configure

crypto ca trustpoint LOCAL-CA-SERVER

keypair LOCAL-CA-SERVER

crl configure

crypto ca trustpool policy

crypto ca server

crypto ca certificate chain _SmartCallHome_ServerCA

certificate ca 18dad19e267de8bb4a2158cdcc6b3b4a


crypto ca certificate chain ASDM_TrustPoint1

certificate a993035f….


crypto ca certificate chain LOCAL-CA-SERVER

certificate ca 01….


telnet timeout 5

ssh stricthostkeycheck

ssh timeout 5

ssh key-exchange group dh-group1-sha1

console timeout 0

dhcpd lease 86400 interface inside

dhcpd domain brandon-long.net interface inside

!

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ntp authenticate

ntp server 216.239.35.4 source inside prefer

ntp server 216.239.35.12 source management prefer

webvpn

enable AT&T

anyconnect-essentials

cache

disable

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

!

service-policy global_policy global

prompt hostname context

call-home reporting anonymous

Cryptochecksum:…