Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1074
Views
0
Helpful
1
Replies

Initial ASA 5505 setup

Go to solution
radioflyer1
Level 1
Level 1

‎08-05-2011 08:00 AM - edited ‎03-11-2019 02:08 PM

First I have to admit I am new to CISCO ASA devices so please bear with me.

I have a new Cisco ASA 5505 which I am trying to just setup so that all computers on the LAN can get to the internet (browsing and ping). My current setup attached. Any help to get me on the right track would be appreciated.

Labels:
111241-cisco.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Anu M Chacko
Cisco Employee
Cisco Employee

‎08-05-2011 08:09 AM

Hi Ry,

For in to out traffic, you need to configure NAT as follows:

no global (inside) 1 172.168.1.2-172.168.1.50 netmask 255.0.0.0

global (outside) 1 outside

The second command will PAT traffic to the outside interface. In the first command that you've configured, the traffic is being NAT-ed to a set of private IP addresses,  which is not routable over the Internet. If you dont want to use the second command, you can give a public range of IP addresses in the same subnet as that of the outside interface.

For pings, allow the return traffic  as follows:

access-list inside_access_out extended permit icmp any any echo-reply

Hope this helps!

Regards,

Anu

P.S. Please mark this question as resolved if it has been answered. Do rate helpful posts.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Anu M Chacko
Cisco Employee
Cisco Employee

‎08-05-2011 08:09 AM

Hi Ry,

For in to out traffic, you need to configure NAT as follows:

no global (inside) 1 172.168.1.2-172.168.1.50 netmask 255.0.0.0

global (outside) 1 outside

The second command will PAT traffic to the outside interface. In the first command that you've configured, the traffic is being NAT-ed to a set of private IP addresses,  which is not routable over the Internet. If you dont want to use the second command, you can give a public range of IP addresses in the same subnet as that of the outside interface.

For pings, allow the return traffic  as follows:

access-list inside_access_out extended permit icmp any any echo-reply

Hope this helps!

Regards,

Anu

P.S. Please mark this question as resolved if it has been answered. Do rate helpful posts.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card