Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1157
Views
0
Helpful
6
Replies

Cisco ASA5525 routing

sigurd.myhre
Level 1
Level 1

‎03-09-2017 04:54 AM - edited ‎03-08-2019 09:40 AM

Hello,

I need some help with my Cisco ASA 5525, i'm trying to set up the routing on the router. I have a static IP from my ISP so i need to use NAT.

I'm pretty new into routing so i need all the help i can get. The problem is that i cant get any trafic trough the router. 

Any thoughts on my running config?

3DE#show runn
Building configuration...

Current configuration : 1435 bytes
!
! Last configuration change at 13:03:52 UTC Mon Mar 6 2017
!
version 15.4
no service timestamps debug uptime
no service timestamps log uptime
no service password-encryption
!
hostname 3DE
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.59.19.0 10.59.19.100
!
ip dhcp pool 3DPool
network 10.59.19.0 255.255.255.0
default-router 77.106.155.125
dns-server 8.8.8.8 8.8.4.4
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FCZ200860D4
!
!
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 77.106.155.126 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.59.19.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 77.106.155.125
ip route 10.59.19.0 255.255.255.0 77.106.155.125
!
ip access-list extended NAT
permit ip 10.59.0.0 0.0.255.255 any
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

Labels:
0 Helpful
6 Replies 6

Julio E. Moisa
VIP
VIP

‎03-09-2017 05:27 AM

Hi

I am a little bit confused, the configuration above belongs a router but you mentioned an ASA, Please correct me if I understanding wrong.

The following line is not required on your router, because the subnet is directly connected

ip route 10.59.19.0 255.255.255.0 77.106.155.125

The NAT config should be

ip access-list standard NAT
permit ip 10.59.19.0 0255.255.255 

Ip nat inside source list NAT interface G0/0 overload

The rest of the configuration looks good for a router.

Now,

If you are going to create a default route on the ASA, you need to configure:

route <nameif connected to the ISP> 0.0.0.0 0.0.0.0 <IP next hop>

example

route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1

or 

route OUTSIDE 0 0  1.1.1.1

And You need to configure static routes to know the internal subnets, example:

route INSIDE 192.168.1.0 255.255.255.0 10.0.0.1
route INSIDE 192.168.2.0 255.255.255.0 10.0.0.1

Now if you are going to use the ASA to provide Internet access you need to configure a NAT on it.

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

sigurd.myhre
Level 1
Level 1
In response to Julio E. Moisa

‎03-10-2017 04:05 AM

Hello Julio,

You're correct in that the config file is infact from an Cisco 1921 router. I'm an student at an school and we have some equpiment here that neither we as the students or the teachers are familiar with. So we are going to use the ASA for our router in the future here in our classroom (We have our own internettconection with the ISP). I thought that the config would be the same as for the 1921 as it was for the ASA becuase we are only going to use the routing function on the ASA. If you would have the time to help us a bit with the ASA that would be great since we really need to get the routing sorted fast. I'm only at the school between (Timezone+1) 0745-1500 mon-fri. So if you could send me a private message that would be great since we have quite a few questions! 

Best regards:)

0 Helpful

Julio E. Moisa
VIP
VIP
In response to sigurd.myhre

‎03-10-2017 11:31 AM

Hi my friend.

Apologies for the late response, no problem please let me share the config with you.

Regards 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

sigurd.myhre
Level 1
Level 1
In response to Julio E. Moisa

‎03-10-2017 11:42 AM

Hello again,

As i said i wont be at the school again before Monday, can you help us then? And do you have any live chatting that you would like for us to use so we could communicate faster and easier? I have Facebook if you want to use that.

Best regards 

0 Helpful

Julio E. Moisa
VIP
VIP
In response to sigurd.myhre

‎03-22-2017 02:16 PM

Hi Sigurd,

Apologies for the late response, a busy week, I would like to continue with the configuration of the Router and ASA.

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎03-09-2017 06:55 AM

Hi,

Agree and to add with Julio comments , you can refer to below link as well for more clarification.

ASA 5525 Configration

Hope it Helps..

-GI

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card