Need help configuring my first ASA

scdigital · ‎08-31-2011

Hi Guys, I'm trying to learn Cisco ASA IOS commands, i have bought myself a 5505 ASA for my home network and plan to implement it. Can you give me some pointers in how best to configure it.

I have attached a diagram of how i want my network to look. The internet connection is via the Virgin Media cable modem.

Any pointers would be appreciated.

Mohammed Hamzeh · ‎09-02-2011

Hi Steven

your setup is very basic, the interface facing the the virgin modem should be your outside interface (security lvl 0), regarding the inside and DMZ, it depends, if you want to be able to access the NAS server from the internet I suggest that you put it in the DMZ (lvl 50), if not then you should put it in the inside interface along with the AP

let me know if you have any questions

scdigital · ‎09-02-2011

Thanks for the reply Mohammed. I have configured the outside and inside interfaces with relevant security levels.

I need to know how traffic will pass through the ASA > Virgin Media Modem and out to the internet.

My virgin media modem ip is 192.168.0.1

I have set the followingon the ASA:

Interface vlan1

nameif inside

security-level 100

ip address 10.0.0.1 255.255.255.0

Interface vlan2

nameif outside

security-level 0

ip address 192.168.0.2 255.255.255.0

Interface Ethernet0/0

switchport access vlan 2

------------------------------------------------------------------------------------------------

I will ignore my NAS for the time being until i get the rest workin , I do eventually want it in the DMZ to do some web stuff with.

Thanks for your help.

scdigital · ‎09-05-2011

bump

mulhollandm · ‎09-05-2011

steven

have a quick look at this

its pretty basic but it shold give your internet access

you'll need dns servers to resolve internet urls etc

hope this helps

http://harrisandrea.articlesbase.com/networks-articles/stepbystep-configuration-guide-for-the-cisco-asa-5505-firewall-803076.html

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/inspect_overview.html

Julio Carvajal · ‎09-05-2011

Hello Steven,

The links that mulhollandm are great, they explain all you need to do in order to be able to go to the outside from your network.

So with your topology In order to go to the internet from your inside network you will need to add these commands:

Nat (inside) 1 0 0

Global (outside) 1 interface

route outside 0 0 192.168.0.1

Then lets test it just to confirm its working

packet-tracer input inside tcp 10.0.0.2 1025 4.2.2.2 80

Let me know the result of this output.

Best Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

scdigital · ‎09-07-2011

Thanks for the help guys. I am using IOS 8.3. are the NAT commands that you stated correct for this IOS? I read that you need to create an object.

Thanks

mulhollandm · ‎09-07-2011

steven

have a look at the link below

https://supportforums.cisco.com/docs/DOC-9129

this config below should work but confirm it with the link

object network inside-network

subnet 0.0.0.0 0.0.0.0

object network inside-network

nat (inside,outside) dynamic interface

hope this helps and don't forget to rate the post