I'm a proud owner of a new ASA 5505. I've gone through the getting started guide and some other documentation and can't seem to get the routes/rules right to get my inside interface (192.168.1.0/24) to my outside interface (my.public.i.p) to get to the internet. Although I didn't understand where to specifically define my.public.i.p gateway, is that something the ASA figures out on its own?
I've tried adding a static route for the inside like so: ip:192.168.1.0/24 gw:192.168.1.1 (inside interface IP) and it claims the route exists already.
So, I tried to create an access rule:
Outgoing rule allowing inside network to go to "any" and for some reason the wizard defines it, but then adds its own "deny" rule directly underneath. I trace the packets and they're getting dropped by some built-in implicit rules defined by the ASA.
What is this newbie overlooking?
I'm simply trying to set up my device and at least get the 1 PC that has access to the ASDM out to the internet and I can't even do that... This is one SERIOUS device coming from my limited networking background.
I thought walking through the wizards would at least get me on the internet, but it's not working...
I was looking at some debugging logging, and when I try to go to google.com, for instance, I get a "No route to My.External.dns.ip from 192.168.1.2" (the internal IP of the PC I'm connected to the ASA directly).
Recommended action is to add a route... Ok, I try to define a route, but ASA tells me the route already exists... Must be a rule thing I'm not understanding. Thanks again!
Great. No, you are not wide open to any inside hosts until you create one-to-one NATs for inside hosts to be accessed from outside, and of course create an access-list to control the access from outside to inside for that.