11-21-2018 09:02 AM - edited 03-05-2019 11:04 AM
I have an ASA 5506-X that I need configured for an outside static IP on GigabitEthernet1/1, as provided by my ISP.
IP: xxx.xxx.xxx.118
SUB: 255.255.255.252
GATEWAY: xxx.xxx.xxx.117
DNS1: yyy.yyy.yyy.yyy
DNS2: zzz.zzz.zzz.zzz
ISP modem does not provide IP via DHCP. The static IP NEEDS to be input into the ASA.
My LAN (inside) needs to be configured for 192.168.2.x, 255.255.255.0. All devices are already set up with static IPs to be on this subnet; the only piece missing is the ASA to tie them all together. So the ASDM manager (and therefore the 5506-X) will also need to have an IP of 192.168.2.1.
I also assume the ASA FirePOWER Management port will also need a new IP of 192.168.2.2. How is this accomplished?
I am programming via the GUI, as I have limited experience with HyperTerminal, but I can program with HyperTerminal if absolutely required. I've been trying for a day now and seem to be getting nowhere.
11-21-2018 12:34 PM
Have you looked at the setup guide step by step?
https://www.networkstraining.com/cisco-asa-5506-x-configuration-tutorial-guide/
11-22-2018 12:59 PM
Thank you, the second Link was very useful when used in combination with Paul Driver's suggestions.
I am now able to connect the computer and receive an IP via DHCP and connect to the internet. But now I can't access the ASDM GUI from the computer.
Here is what I did...
factory-default completed from CLI
connected to ASDM, started wizard, steps 1-8 left default, step 9 I changed the ASA FirePower address to 192.168.2.2 / 255.255.255.0 / 192.168.2.1, steps 10-12 left default
closed ASDM, connected to console for CLI
**see attached HyperTerminal_4.txt file for complete list of commands**
How can I configure the ASA to allow access to the ASDM from the 192.168.2.0 subnet on the connected computer?
11-21-2018 12:40 PM - edited 11-21-2018 12:44 PM
Hello
object network NATLAN
subnet 192.168.2.0 255.255.255.0
object-group network DEFAULT-PAT
network-object object NATLAN
access-list 100 extended permit icmp any object-group NATLAN echo-reply <------------allow echo-reply from WAN
nat (inside,outside) after-auto source dynamic DEFAULT-PAT interface
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.118
For DHCP
dhcpd address 192.168.2.100-192.168.2.200 inside
dhcpd option 3 ip 192.168.2.254
dhcpd lease 7200
dhcpd domain yourdomain.local
dhcpd dns yyy.yyy.yyy.yyy xxx.xxx.xxx.xxx
dhcpd enable inside
11-21-2018 01:50 PM
@paul driver wrote:
Hello
object network NATLAN
subnet 192.168.2.0 255.255.255.0
object-group network DEFAULT-PAT
network-object object NATLAN
access-list 100 extended permit icmp any object-group NATLAN echo-reply <------------allow echo-reply from WAN
nat (inside,outside) after-auto source dynamic DEFAULT-PAT interface
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.118
For DHCP
dhcpd address 192.168.2.100-192.168.2.200 inside
dhcpd option 3 ip 192.168.2.254
dhcpd lease 7200
dhcpd domain yourdomain.local
dhcpd dns yyy.yyy.yyy.yyy xxx.xxx.xxx.xxx
dhcpd enable inside
Paul, thank you for the detailed reply. I was using HyperTerminal and got some of the commands to work, but not all. I got an error back saying the NATLAN wasn't created and I couldn't create the new DHCP of xxx.xxx.2.0. Below is the text copy of my session, maybe you can see the error. I used back-space to correct spelling errors.. does that matter?
"
object network NATLAN
ciscoasa(config-network-object)# subnet 192.168.2.0 255.255.255.0
ciscoasa(config-network-object)# object-group network DEFAULT-PAT
ciscoasa(config-network-object-group)# network-object object NATLAN
ciscoasa(config-network-object-group)# access-list 100 extended permit icmp any$rmit icmp any object-group NATLAN echo-$ NATLAN echo-r eplyaccess-list 100 extended permit icmp an$
ERROR: specified object group <NATLAN> not found
ciscoasa(config)# access-list 100 extended permit icmp any object-group NATLAN $rmit icmp any object-group NATLAN e cho-replyaccess-list 100 extended permit icmp any object-group NATLAN$
ERROR: specified object group <NATLAN> not found
ciscoasa(config)# nat )inside (inside,outside) after-auto source dymanaic namoic ic DEFAULT-PAT in$auto source dynamic DEFAULT-PAT int erfacenat (inside,outside) after-auto source dynamic DEFAULT-PAT i$
nat (inside,outside) after-auto source dynamic DEFAULT-PAT interface
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# nat(inside inside (inside,
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# nat (inside,outside) after-auto source dynamic DEFAULT-PAT in$auto source dynamic DEFAULT-PAT int erfacenat (inside,outside) after-auto source dynamic DEFAULT-PAT i$
nat (inside,outside) after-auto source dynamic DEFAULT-PAT interface
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# access-group 100 in interaf face outside
ERROR: access-list <100> does not exist
ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.118 [the xxx's i added back to keep the IP anonymous]
ciscoasa(config)# dhcpd address 192.168.2.100-192.168.2.200 inside
Address range subnet 192.168.2.100 or 192.168.2.200 is not the same as inside interface subnet 192.168.1.1"
11-21-2018 01:57 PM
Can you copy the suggested config to Notepad and check for any special characters before you paste the config on the device?
11-21-2018 02:28 PM - edited 11-21-2018 02:32 PM
Hello
Apologies, typo in my OP config. However, make sure you change the subnets and IP addresses to accommodate your network; your internal and external interface naming conventions should also match.
example:
int x/x
description lan interface
nameif inside
ip address 192.168.2.254 255.255.255.0
int x/x
description wan interface
nameif outside
ip address 1.1.1.117 255.255.255.252
object network NATLAN
subnet 192.168.2.0 255.255.255.0
object-group network DEFAULT-PAT
network-object object NATLAN
access-list 100 extended permit icmp any object-group DEFAULT-PAT echo-reply
nat (inside,outside) after-auto source dynamic DEFAULT-PAT interface
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.118
dhcpd address 192.168.2.100-192.168.2.200 inside
dhcpd option 3 ip 192.168.2.254
dhcpd lease 7200
dhcpd domain yourdomain.local
dhcpd dns yyy.yyy.yyy.yyy xxx.xxx.xxx.xxx
dhcpd enable inside
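Three of the problems in this thread can be caught before the config is pasted: the ACL naming the network object NATLAN as an object-group, the default route pointing at the ASA's own outside address, and the DHCP pool falling outside the inside interface's subnet. The check below is an added example, not part of any post in this thread; the `lint_asa` helper, the 203.0.113.x addresses standing in for the ISP range, and the single routed inside interface are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample reproducing the first attempt; 203.0.113.x replaces the ISP range.
BROKEN = """
interface GigabitEthernet1/1
 nameif outside
 ip address 203.0.113.118 255.255.255.252
interface GigabitEthernet1/2
 nameif inside
 ip address 192.168.1.1 255.255.255.0
object network NATLAN
 subnet 192.168.2.0 255.255.255.0
object-group network DEFAULT-PAT
 network-object object NATLAN
access-list 100 extended permit icmp any object-group NATLAN echo-reply
route outside 0.0.0.0 0.0.0.0 203.0.113.118
dhcpd address 192.168.2.100-192.168.2.200 inside
"""

def lint_asa(config):
    """Return a list of findings for the small command subset used in this thread."""
    ifaces, groups, findings, nameif = {}, set(), [], None
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    for line in lines:  # pass 1: collect interface addresses and object-group names
        t = line.split()
        if t[0] == "interface":
            nameif = None
        elif t[0] == "nameif":
            nameif = t[1]
        elif t[:2] == ["ip", "address"] and nameif:
            ifaces[nameif] = ipaddress.ip_interface(f"{t[2]}/{t[3]}")
        elif t[:2] == ["object-group", "network"]:
            groups.add(t[2])
    for line in lines:  # pass 2: check references against what was collected
        t = line.split()
        if t[0] == "access-list":
            for name in re.findall(r"object-group (\S+)", line):
                if name not in groups:
                    findings.append(f"undefined object-group {name}")
        if t[0] == "route" and t[2:4] == ["0.0.0.0", "0.0.0.0"] and t[1] in ifaces:
            hop, intf = ipaddress.ip_address(t[4]), ifaces[t[1]]
            if hop == intf.ip or hop not in intf.network:
                findings.append(f"default route next hop {hop} invalid for {t[1]}")
        if t[:2] == ["dhcpd", "address"] and t[3] in ifaces:
            pool = [ipaddress.ip_address(a) for a in t[2].split("-")]
            if any(a not in ifaces[t[3]].network for a in pool):
                findings.append(f"dhcpd pool {t[2]} outside {t[3]} subnet")
    return findings
```

Run against `BROKEN`, it reports all three findings; with the ACL pointed at DEFAULT-PAT, the next hop set to the ISP gateway and the inside interface moved to 192.168.2.1, it returns an empty list.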
11-22-2018 03:22 AM - edited 11-22-2018 01:00 PM
Thank you for all your help so far, I am getting closer...
I am now able to connect the computer and receive an IP via DHCP and connect to the internet. But now I can't access the ASDM GUI from the computer.
Here is what I did...
factory-default completed from CLI
connected to ASDM, started wizard, steps 1-8 left default, step 9 I changed the ASA FirePower address to 192.168.2.2 / 255.255.255.0 / 192.168.2.1, steps 10-12 left default
closed ASDM, connected to console for CLI
**see attached HyperTerminal_4.txt file for complete list of commands**
How can I configure the ASA to allow access to the ASDM from the 192.168.2.0 subnet on the connected computer?
11-22-2018 02:54 PM
Hello
@KP_CBCL wrote:
How can I configure the ASA to allow access to the ASDM from the 192.168.2.0 subnet on the connected computer?
conf t
http server enable 443
http 192.168.2.0 255.255.255.0 inside
11-23-2018 03:09 AM - edited 11-23-2018 04:57 AM
When attempting to enable, I get the following error (see below). And after some searching, I'm not sure how to correct the Ambiguous command error.
ciscoasa# config t
ciscoasa(config)#
ciscoasa(config)# http server enable 443
ciscoasa(config)# http 192.168.2.0 255.255.255.0 inside
ERROR: % Ambiguous command: "http 192.168.2.0 255.255.255.0 inside"
FIXED IT, using 'http 192.168.2.0 255.255.255.0 ?'
It showed me that inside_1 - inside_7 were the available options, so I set all of them and now I can connect.