01-31-2013 10:21 PM - edited 03-11-2019 05:55 PM
Hello all,
Question, does anybody know how to do the setup a linksys behind an ASA 5505?
I have everything configured, but the router (Linksys) does not get to the internet.
Anyone with the same setup?
Project: Verizon with a Static IP ---> ASA --> Linksys Router ..
I am able to ping from the ASA to outside world, but the linksys remains with no internet.
I do live with Roomates and I need to share my internet with them. I did upgrade my service to an static IP and I am able to run the setup in the ASA, WAN Ip.
I tried many ways to do the bridge setup mode in the linksys and nothing works.
I will need appreciate your help.
Thanks.
02-01-2013 01:24 AM
I assume the DHCP is enabled and the linksys is getting the ip from the ASA, are you able to ping the ASA from the linksys? is there any access list on the ASA allowing the traffic? posting the config would be helpful.
02-01-2013 04:37 PM
Yes, I am able to ping the inside interface.
02-01-2013 05:43 AM
How are you planning to connect the Linksys router? Routed or bridged mode? Maybe this will help: link
02-01-2013 04:43 PM
AP Would be..
02-01-2013 04:36 PM
Guys, I am able to ping from the ASA to outside world, and inside ip, but when I try to browse over internet, the linksys (setup as AP) does not reach the internet.
Has been a week already with this issue.
FYI: AP I disable DHCP server and I do security setup just in the Wireless. I see that the AP gets an IP from the ASA, but cant get to internet...
ASA-VA(config)# sh run
: Saved
:
ASA Version 7.2(4)
!
hostname ASA-VA
domain-name default.domain.invalid
enable password EoP/WNlflrusvs6P2Qohmj encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 0
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 200.241.161.34 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list internet extended permit ip 192.168.1.0 255.255.255.0 any
access-list inside_access_out extended permit tcp any any
access-list LAN_Traffic extended permit ip any any
access-list LAN_Traffic extended permit ip 192.168.1.0 255.255.255.0 any
access-list DMZtoInside extended permit ip any any
access-list DMZtoInside extended permit tcp any any
access-list DMZtoInside extended permit udp any any
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-625.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group internet in interface inside
route outside 0.0.0.0 0.0.0.0 200.241.161.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
management-access inside
dhcpd dns 8.8.8.8
!
dhcpd address 192.168.1.20-192.168.1.30 inside
dhcpd enable inside
!
username vjasssssa password ssssssssymmJ/.j encrypted privilege 15
username o0000o password 7bzKAK0o/823lc6vvc encrypted privilege 15
username afgjejejsf password ggmMHjnJdssAASuqKt encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:a9ebd2eab336dc5e1a8dc02395c3e0d2
: end
ASA-VA(config)#
02-02-2013 08:39 AM
You don't want to try and double-NAT at both the ASA and the Linksys, so either the ASA should be in transparent mode, or the Linksys should be in bridge mode.
-- Jim Leinweber, WI State Lab of Hygiene
02-03-2013 05:04 AM
Guys, I found some tutorial how to fix this, I would paste the link here for future reference...
-- >
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide