New to ASA - Cable Modem IWth Static Ip Question

bchyka · ‎07-31-2010

H

ello everyone,

My friend's small medical building's firewall guy got sick and is in the hospital. They moved into a new building and thy have a brand new Cisco 5505 unlimited license. They have Time Warner Biz Class 35meg down/10 up with a cable modem and 5 static ips.

I was trying t oconfigure this for them because biz is opening Monday. I set the inside interface on vlan1 with ip address 192.168.10.1 and the outside interface on e0/0 with one of the static ips. i also set a route for 0.0.0.0 0.0.0.0 outside interface 1.

i can ping external ips form the asa but i cannot get out to the internet from th einside network ( workstations etc.). Do i need to nat/pat or both? also can someone help me with the correct commands? i am researching as we speak.

thanks for any iinput.

Bob

Nagaraja Thanthry · ‎07-31-2010

Hello,

To start, please try the following commands:

int vlan 2

nameif outside

security-level 0

ip address

access-group outside_access_in in interface outside

Hope this helps.

Regards,

NT

bchyka · ‎07-31-2010

thanks! I will be onsite in 90 minutes. i still think i need to set up NAT. am

i wrong?

Nagaraja Thanthry · ‎07-31-2010

Hello,

Yu are right. You need to setup NAT. The commands I included in my earlier

post (global/NAT) achieve the same.

Hope this helps.

Regards,

NT

bchyka · ‎07-31-2010

great i

will give it a shot. thanks!

bchyka · ‎07-31-2010

hmm here is my config. i can't get out to the internet. from the console i c

an ping devices on the internet. i think my nat is wrong.

Nagaraja Thanthry · ‎07-31-2010

Hello,

Please try the following:

no nat (inside,outside) source dynamic any interface

object network LAN

subnet 192.168.10.0 255.255.255.0

nat (inside,outside) dynamic interface dns

Hope this helps.

Regards,

NT

bchyka · ‎07-31-2010

Thanks greatly apprciated...works great..tomorrow I need to do ipsec vpn for a few users...I might hit you up again..