Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1609
Views
10
Helpful
16
Replies

Trying to pass internet with a Cisco ASA 5505

Go to solution
msittnick
Level 1
Level 1

‎04-02-2013 07:15 PM - edited ‎03-11-2019 06:22 PM

Hello,

   I have not been having much success configuring my 5505 for Internet access, and I'm sure there are a few small things I'm missing.  At times I believe I got it to the point where I could ping, but still not pass through the Internet traffic.  At this point, I reset the 5505 and only changed a couple of settings. 

I have an external range with these characteristics: Network Address 67.139.113.16 (.17 is Gateway), SM: 255.255.255.248, available IP: 67.139.113.218

The external connection is through a T1 modem, and when I put those settings in my laptop, I can access just fine.

When I went through the startup wizard in the ADSM, I maded the internal interface 10.209.0.3, subnet mask: 255.255.255.0

I selected PAT in the Wizard, but don't know if I should have, or if the NAT rules I tried to put in are fine.

Eventually I want to add a Site to Site VPN to the rest of the 10.0.0.0 network, but I can't even pass the Internet through to the inside.

Also, this will eventually be behind another hosted firewall, so I'm not worried about restricting access, even currently.

However, I suspect the problem is that traffic is being blocked with the NAT rules or Access rules.
I wish I could just disable those inherent deny rules

Outside of pings to 10.209.0.3, all pings come back as request timed out.

Can someone please review this, and see if they notice anything I can change?

I do appreciate it....

Config: 

: Saved
:
ASA Version 8.2(5) 
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.0.0.0 Eventual
name 10.209.0.0 Local
name 67.139.113.216 T1
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 0
 ip address 10.209.0.3 255.0.0.0 
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 67.139.113.218 255.255.255.248 
!
!
time-range Indefinite
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 Local 255.255.255.0 any time-range Indefinite 
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 0.0.0.0 0.0.0.0 dns tcp 255 255  udp 255
access-group inside_access_in in interface inside
route inside 0.0.0.0 0.0.0.0 67.139.113.217 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http Eventual 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint _SmartCallHome_ServerCA
 crl configure
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 10.209.0.201-10.209.0.232 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd auto_config outside interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
  inspect ip-options 
!
service-policy global_policy global
prompt hostname context 
call-home reporting anonymous
Cryptochecksum:d3c4872f997a93984332213f98fbe12b
: end
asdm location Eventual 255.0.0.0 inside
asdm location Local 255.255.255.0 inside
asdm location T1 255.255.255.248 inside
asdm history enable
Labels:
0 Helpful
16 Replies 16

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to msittnick

‎04-03-2013 04:21 PM

Hello,

Yeah

Hey remember to rate all of the helpful posts ( just hit the stars buttom at the left of each of my messages, 1 being bad 5 being good ) That is as important as a thanks

We are missing the question as answered Can you do that as well

Glad to hear that everything is good now

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
msittnick
Level 1
Level 1
In response to Julio Carvajal

‎04-04-2013 05:36 PM

Now I'm just trying to get the VPN tunnel to work! 
I actually have the tunnel up; just not passing the private data...
https://supportforums.cisco.com/thread/2209637

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card