Solved: Firewall question

papathimiu · ‎04-10-2015

Hi

I have a new ASA 5505

I have place it after the service provides cable modem.

I have created 2 vlans.

Interface e0/0 is part of the vlan 2.

Vlan 2 has an ip address of 192.168.0.2 255.255.255.0

The name is outside so by default the security level is 0

Interface 0/1 is part of vlan 1

Vlan 1 has ip address of 192.168.1.1 255.255.255.0

The name is inside so by default the security level is 100

I created a route that sends all traffic to the 192.168.0.2

I can ping the 192.168.0.1 but not anything out on the internet.

am I supposed to do NAT?

Can anyone give an example please?

David Johan Castro Fernandez · ‎04-12-2015

Hi,

On this case, the default route is incorrect, you should send packets to the next hop,

Example:

route outside 0.0.0.0 0.0.0.0 192.168.0.1

On this case you should not do any NAT, since the next hop will do all the NAT. Make sure to see if those packets are being forwarded correctly by the edge router.

Please proceed to rate and mark as correct the helpful Post!

David Castro,

Regards,

View solution in original post

David Johan Castro Fernandez · ‎04-12-2015

Hi,