04-01-2020 06:18 PM
Alright, what I'm trying to do is receive an address from port E0/0 from the modem which is handing out a 10.0.0.1 /24 then try to do NAT/PAT so I can use internet through the firewall. The problem is...
object network obj_any
subnet 0.0.0.0 0.0.0.0
nat (inside,outside) dynamic interface
Above, these commands are not recognized, so I'm not sure how to make this work. Below, between the lines, are the options being shown.
--------------------------------------------------------------------------------------------------
ciscoasa(config)# object ?
configure mode commands/options:
icmp-type Specifies a group of ICMP types, such as echo
network Specifies a group of host or subnet IP addresses
protocol Specifies a group of protocols, such as TCP, etc
service Specifies a group of TCP/UDP ports/services
ciscoasa(config)# object
ciscoasa(config)# object network obj_any
ciscoasa(config-network)# ?
description Specify description text
group-object Configure an object group as an object
help Help for network object-group configuration commands
network-object Configure a network object
no Remove an object or description from object-group
ciscoasa(config-network)#
--> object network inside-subnet
--> subnet 192.168.50.0 255.255.255.0
--> nat (inside,outside) dynamic interface
Don't even exist for me either... so I'm lost on what to do. When I try to do nat (inside,outside), it only lets me do either nat (inside) or nat (outside), but not together.
----------------------------------------------------------------------------------------------
Below is the running configuration for the ASA firewall currently.
ciscoasa# show run
: Saved
:
: Serial Number: JMX0949K0DM
: Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1599 MHz
:
ASA Version 8.2(5)59
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 description WAN
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif manage
 security-level 100
 ip address 192.168.100.2 255.255.255.0
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network inside-subnet
object-group network obj_any
access-list LAN standard permit 192.168.50.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu manage 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.100.0 255.255.255.0 manage
no snmp-server location
no snmp-server contact
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 75.75.75.75 75.75.76.76
!
dhcpd address 192.168.10.10-192.168.10.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username ryan password 6j/YDjhwvohLfNZU encrypted privilege 15
!
!
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:bf29234b062c86613c41aafd624e515d
: end
04-01-2020 06:31 PM
04-01-2020 06:39 PM
I'll upgrade it right now :) and I'll get back to you.
04-01-2020 06:53 PM
It worked, why did
--> object network inside-subnet
--> subnet 192.168.50.0 255.255.255.0
--> nat (inside,outside) dynamic interface
not give me internet access, but this one did?
object network obj_any
subnet 0.0.0.0 0.0.0.0
nat (inside,outside) dynamic interface
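Added example, not part of the original thread or any poster's code: a Python check run against a trimmed copy of the running configuration posted above. It reports whether the software version accepts network object NAT (introduced in ASA 8.3) and whether a NAT object's subnet actually contains the network configured on the inside interface. The function names and the trimmed sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: trimmed from the running configuration posted in the thread.
SAMPLE_CONFIG = """\
ASA Version 8.2(5)59
!
interface Ethernet0/0
 nameif outside
 ip address dhcp setroute
!
interface Ethernet0/1
 nameif inside
 ip address 192.168.10.1 255.255.255.0
!
"""

def asa_version(config):
    """Return (major, minor) parsed from the 'ASA Version' line."""
    m = re.search(r"^ASA Version (\d+)\.(\d+)", config, re.M)
    if not m:
        raise ValueError("no 'ASA Version' line found")
    return int(m.group(1)), int(m.group(2))

def supports_object_nat(config):
    """'nat (real,mapped) ...' under 'object network' needs ASA 8.3 or later."""
    return asa_version(config) >= (8, 3)

def interface_networks(config):
    """Map nameif -> IPv4Network for interfaces with a static address."""
    nets = {}
    for block in re.split(r"^!\s*$", config, flags=re.M):
        name = re.search(r"^\s*nameif (\S+)", block, re.M)
        addr = re.search(r"^\s*ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)", block, re.M)
        if name and addr:  # DHCP-addressed interfaces have no static network to compare
            nets[name.group(1)] = ipaddress.ip_network(
                f"{addr.group(1)}/{addr.group(2)}", strict=False)
    return nets

def nat_object_covers(config, nameif, subnet, mask):
    """True if the object's subnet contains the whole network on that interface."""
    real = interface_networks(config)[nameif]
    return real.subnet_of(ipaddress.ip_network(f"{subnet}/{mask}"))

if __name__ == "__main__":
    print("object NAT supported:", supports_object_nat(SAMPLE_CONFIG))
    for sub, mask in (("192.168.50.0", "255.255.255.0"), ("0.0.0.0", "0.0.0.0")):
        print(sub, mask, "covers inside:", nat_object_covers(SAMPLE_CONFIG, "inside", sub, mask))
```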
04-01-2020 07:33 PM