Help with basic config for ASA 5505

Andy White
Level 3

Hello,

I've tried so many config methods I'm now confused on the issue.

I have a DSL modem from Virgin Media, and if I plug my laptop into it, it gives me a public IP and I can get on the internet; it is doing some sort of DHCP. Now I have put the outside of the firewall into this port and configured the ASA as best as I can, but I can't get on the internet from the inside. Can you think of any reason why it isn't working?

ASA Version 9.1(3)
!
hostname ciscoasa
enable password RHohe4nol/SZU8wm encrypted
names
!
interface Ethernet0/0
 switchport access vlan 99
!
interface Ethernet0/1
 switchport access vlan 10
!
interface Ethernet0/2
 switchport access vlan 10
!
interface Ethernet0/3
 switchport access vlan 10
!
interface Ethernet0/4
 switchport access vlan 10
!
interface Ethernet0/5
 switchport access vlan 10
!
interface Ethernet0/6
 switchport access vlan 10
!
interface Ethernet0/7
 switchport access vlan 10
!
interface Vlan10
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan99
 nameif outside
 security-level 0
 ip address dhcp setroute
!
ftp mode passive
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network inside-network
 subnet 0.0.0.0 0.0.0.0
access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network inside-network
 nat (inside,outside) dynamic interface
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcp-client client-id interface outside
dhcpd auto_config outside
!
dhcpd address 192.168.0.10-192.168.0.254 inside
dhcpd dns 4.2.2.2 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password /duR4QE encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous

Thanks


Thanks, that makes sense to me now.

Also why did the mac address insertion fix my main issue on the outside interface? (whoops I see you replied to this already)

Message was edited by: Andy White

Before reloading the ASA, have you tried flapping the outside interface (shut, no shut)?

--

Please remember to rate and select a correct answer

No luck with the "shut" "no shut" I'm afraid.  I will proceed with the debug and captures.

When I google Virgin Media and ASAs it seems it can be done, but like you say it could be a version issue too. Will be back later with some more info, thanks guys.

Some ISPs might filter vendors as they only wish for you to connect a PC, not a router/firewall or whatever device that will provide access to more than one PC.

Value our effort and rate the assistance!

Any other option would require troubleshooting and it could be related to layer 2.