Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1239
Views
0
Helpful
7
Replies

Static IP, ASA, Linksys Access Point Setup..

Oscar Castillo
Level 1
Level 1

‎01-31-2013 10:21 PM - edited ‎03-11-2019 05:55 PM

Hello all,

Question, does anybody know how to do the setup a linksys behind an ASA 5505?

I have everything configured, but the router (Linksys) does not get to the internet.

Anyone with the same setup?

Project: Verizon with a Static IP ---> ASA --> Linksys Router ..

I am able to ping from the ASA to outside world, but the linksys remains with no internet.

I do live with Roomates and I need to share my internet with them. I did upgrade my service to an static IP and I am able to run the setup in the ASA, WAN Ip.

I tried many ways to do the bridge setup mode in the linksys and nothing works.

I will need appreciate your help.

Thanks.

Labels:
0 Helpful
7 Replies 7

Rudy Sanjoko
Level 4
Level 4

‎02-01-2013 01:24 AM

I assume the DHCP is enabled and the linksys is getting the ip from the ASA, are you able to ping the ASA from the linksys? is there any access list on the ASA allowing the traffic? posting the config would be helpful.

0 Helpful

Oscar Castillo
Level 1
Level 1
In response to Rudy Sanjoko

‎02-01-2013 04:37 PM

Yes, I am able to ping the inside interface.

0 Helpful

i.va
Level 3
Level 3

‎02-01-2013 05:43 AM

How are you planning to connect the Linksys router? Routed or bridged mode? Maybe this will help: link

0 Helpful

Oscar Castillo
Level 1
Level 1
In response to i.va

‎02-01-2013 04:43 PM

AP Would be..

0 Helpful

Oscar Castillo
Level 1
Level 1

‎02-01-2013 04:36 PM

Guys, I am able to ping from the ASA to outside world, and inside ip, but when I try to browse over internet, the linksys (setup as AP) does not reach the internet.

Has been a week already with this issue.

FYI: AP I disable DHCP server and I do security setup just in the Wireless. I see that the AP gets an IP from the ASA, but cant get to internet...

ASA-VA(config)# sh run

: Saved

:

ASA Version 7.2(4)

!

hostname ASA-VA

domain-name default.domain.invalid

enable password EoP/WNlflrusvs6P2Qohmj encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Vlan1

nameif inside

security-level 0

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 200.241.161.34 255.255.255.0

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

shutdown

!

interface Ethernet0/3

shutdown

!

interface Ethernet0/4

shutdown

!

interface Ethernet0/5

shutdown

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

!

ftp mode passive

dns server-group DefaultDNS

domain-name default.domain.invalid

access-list internet extended permit ip 192.168.1.0 255.255.255.0 any

access-list inside_access_out extended permit tcp any any

access-list LAN_Traffic extended permit ip any any

access-list LAN_Traffic extended permit ip 192.168.1.0 255.255.255.0 any

access-list DMZtoInside extended permit ip any any

access-list DMZtoInside extended permit tcp any any

access-list DMZtoInside extended permit udp any any

pager lines 24

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-625.bin

no asdm history enable

arp timeout 14400

nat-control

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

access-group internet in interface inside

route outside 0.0.0.0 0.0.0.0 200.241.161.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

aaa authentication enable console LOCAL

aaa authentication ssh console LOCAL

http server enable

http 0.0.0.0 0.0.0.0 outside

http 0.0.0.0 0.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 60

console timeout 0

management-access inside

dhcpd dns 8.8.8.8

!

dhcpd address 192.168.1.20-192.168.1.30 inside

dhcpd enable inside

!

username vjasssssa password ssssssssymmJ/.j encrypted privilege 15

username o0000o password 7bzKAK0o/823lc6vvc encrypted privilege 15

username afgjejejsf password ggmMHjnJdssAASuqKt encrypted privilege 15

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:a9ebd2eab336dc5e1a8dc02395c3e0d2

: end

ASA-VA(config)#

0 Helpful

James Leinweber
Level 4
Level 4
In response to Oscar Castillo

‎02-02-2013 08:39 AM

You don't want to try and double-NAT at both the ASA and the Linksys, so either the ASA should be in transparent mode, or the Linksys should be in bridge mode.

-- Jim Leinweber, WI State Lab of Hygiene

0 Helpful

Oscar Castillo
Level 1
Level 1

‎02-03-2013 05:04 AM

Guys, I found some tutorial how to fix this, I would paste the link here for future reference...

-- >

http://www.techrepublic.com/blog/smbit/setting-up-a-cisco-asa-5505-firewall-with-a-wireless-router/414

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card