Thanks joelgooding, my IOS version is 9.1.

Also, just to clarify, the "ip route 0.0.0.0 0.0.0.0 ethernet 0/0" command is just going to route all traffic that can't be resolved internally, right?

...actually the "ip route..." part isn't even being accepted. Is there a different command for 9.1?

Okay, looks like I should use the command "route outside 0 0 [hostname or IP]". The ASA wants wither a hostname or IP here but I need to assign it to an interface instead of an IP (since I'm on a dynamic IP). Any ideas?

Yes. Ip route is for routers, route outside is for the ASA's. Got my devices mixed up there for a sec. If you are using DHCP on your outside interface , yes , you are going to have to use the interface name instead of the IP.

route outside 0.0.0.0 0.0.0.0 ethernet0/0

If you want to route internally between you LAN, you have to set up the relevant vlans and ip ranges and set up the static routes the same way as above. Remeber that your ASA needs a security license or a plus license to handle more than 3 vlans. If you have a base license you will need to upgrade should to want to route between more than 3 vlans.

let me know how it works out.

Joel

_______________________________
Please rate helpful posts and answered questions!

joelgooding wrote:
 If you are using DHCP on your outside interface , yes , you are going to have to use the interface name instead of the IP. 
route outside 0.0.0.0 0.0.0.0 ethernet0/0

No.

interface Vlan2

no ip address

 no shutdown

 ip address dhcp setroute

 nameif outside

 security-level 0

With DHCP, you don't need a route line in the config.

With fixed IP, if you add a default route pointing to the interface instead of next-hop address the firewall will send ARP requests for each dst Internet address. you can't add an interface name instead of a gateway address, the gateway is mandatory.

Thanks Peter. I had to make a couple of changes to your steps.

I am not able to do 'ip address dhcp setroute' on an interface - only a vlan, so I set ethernet0/0 to vlan 2 then...

interface vlan 2

ip address dhcp setroute

nameif outside

security-level 0

Also, I don't quite understand your last statement regarding the default route.

Hi,

you  are already specifying an interface( route outside) now you must tell the ASA to which next-hop it should forward the packet( this is your default gateway given to you by your ISP).

PORTCULLIS(config-network-object)# subnet 172.22.222.222 255.255.255.224

ERROR: network: IP address/mask <172.22.222.222/255.255.255.224> doesn't pair

the correct subnet with this mask is  x.x.x.224 not x.x.x.222

Regards.

Alain

Don't forget to rate helpful posts.

Thanks guys! Sorry for the delayed response. I just got back from vaca...

joelgooding - I have the security plus license. I will be installing it this weekend. I will also need to forward ports for my Exchange server, my Windows 8 test box (non-standard RDP port), my web server, and my VPN connection on my RRAS server. I'll be doing some web-crawling to get the ports and traffic types setup. If I have any more issues I'll start a new thread.

cadet alain - I thought either the subnet ID or the gateway IP went in after the 'subnet' command, as in - "subnet gateway IP [space] subnet". What do I need for both sets of octets? I am using the 255.255.255.224 subnet starting at the subnet ID 172.22.222.192 which gives me usable IP from 172.22.222.193 to 172.22.222.222.

Edit - I didn't get any errors when I used the subnet ID for the first IP. Does the below look right?

PORTCULLIS(config)# object network inside-outside-nat

PORTCULLIS(config-network-object)# subnet 172.22.222.192 255.255.255.224

I think I'm missing a step. Don't I need to set this object to the vlans? [sigh] I've got so much to learn. I'm already signed up for some online courses...

Just in case there's another newb stumbling with getting a basic config going 

The missing command was: nat (inside,outside) dynamic interface

That (with the previous commands) got the internet up and running.