cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
646
Views
0
Helpful
1
Replies

cisco asa 5505 basic configuration help needed.

brettpenza
Level 1
Level 1

I teach in a High School and we've got about a 300 node MS Windows Network.  Two MS2003 File Servers act as my DNS/WINS/DHCP servers.

We have been using a WATCHGUARD FIREBOX III to act as the router/gateway between the outside external address and my internal (10.0.0.1) gateway address.

All p.c's inside the network are routed to one of the Servers (10.0.0.2 or 10.0.0.4) for DNS/WINS/DHCP addressing.  The servers point to 10.0.0.1 for gateway.

We are trying to replace the Watchguard Firebox with a CISCO ASA 5505 (eventually we'd like to implement VPN).   When I connect the  CISCO ASA, I get no internet passthrough at all. 

I've gone through the quick config with ASDM software several times. Surfed the net for ideas, suggestions but still cannot get

it to function properly. Since I am hard to reach (teaching all day)

, I will pass the details and hope a tech person there can assist me

with a couple of ideas.

I am using the ASDM software to do all configurations. No command

line stuff.

1. I have configured the inside address for 10.0.0.1

255.255.0.0 this is our current gateway address for all inside

traffic.

2. I have configured the external address for 209.117.123.226

255.255.255.224.  This is our external address on our 10mg connection.

3. I have disabled the DHCP values. We have Windows 2003

servers that take care of all DHCP, WINS, DNS. We just want the

CISCO to route INTERNAL to EXTERNAL that's it. To do that, I enable

the PAT using the external interface as the IP.

When I connect the device into the network, I run ASDM. I can

see internal UP external UP but nothing will pass through. No

p.c.'s can get to internet.

Do I need to set up Access Lists? Tell the Cisco that there is

another DHCP server?

Either I'm missing something simple (I hope) or this is the most

complex router I've ever dealt with. I'm starting to think maybe I

should just stick with the old watch guard firebox.

Thanks for any help you can provide.


-Brett Penza

Holy Name High School

Worcester, MA

1 Reply 1

p.poissant
Level 1
Level 1

Under Configuration Device Setup In your interface Set you Ip address Info for Internal and External interfaces, make sure it is not management only

Under Configuration Device Setup Routing Setup a static route to your default gateway  ex.   0.0.0.0 0.0.0.0 GW IP

Under Configuration Firewall Objects Global Pools, create a Pool with your outside Interface with the 3rd option (PAT using IP address of the Interface)

Under Configuraton Firewall  Objects Network Objects,  create an object for your subnet  10.0.0.0 255.255.255.0

Under Configuration Nat Rules  Create a rule for the Inside Make it a Dynamic Policy from Your Subnet Object Destination Any translated to you Outside Interface Using the PAT address pool created earlier

Under Configuration Access Rule  Create a Rule under the Inside Interface to all traffic from your subnet object to anywhere with the Service you want start with IP then tweak it

Good Luck

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco