09-13-2007 06:49 AM - edited 03-05-2019 06:28 PM
<< GETTING REPLIES IN OTHER FORUM ALREADY - VIEW THAT ONE PLEASE >>
Hi,
I'm a proud owner of a new ASA 5505. I've gone through the getting started guide and some other documentation and can't seem to get the routes/rules right to get my inside interface (192.168.1.0/24) to my outside interface (my.public.i.p) to get to the internet. Although I didn't understand where to specifically define my.public.i.p gateway, is that something the ASA figures out on its own?
I've tried adding a static route for the inside like so: ip:192.168.1.0/24 gw:192.168.1.1 (inside interface IP) and it claims the route exists already.
So, I tried to create an access rule:
Outgoing rule allowing inside network to go to "any" and for some reason the wizard defines it, but then adds its own "deny" rule directly underneath. I trace the packets and they're getting dropped by some built-in implicit rules defined by the ASA.
What is this newbie overlooking?
I'm simply trying to set up my device and at least get the 1 PC that has access to the ASDM out to the internet and I can't even do that... This is one SERIOUS device coming from my limited networking background.
I thought walking through the wizards would at least get me on the internet, but it's not working...
TIA,
Kevin
UPDATE::
I was looking at some debugging logging and when I try to go to google.com for instance I get a "No route to My.External.dns.ip from 192.168.1.2" (the internal IP of the PC I'm connected to the ASA directly).
Recommended action is to add a route... Ok, I try to define a route, but ASA tells me the route already exists... Must be a route/rule thing I'm not understanding. Thanks again!
(This is also posted in getting started LANs but I think it belongs here... Sorry, I'll remove the other one)
09-13-2007 07:39 AM
How are you connected to the ISP internet from the ASA?
All you need to do is configure PAT and proper access-lists and a default route to the ISP
Here is a sample config
interface Ethernet0/0
 nameif inside
 security-level 100
 ! inside interface address (a host address, not the network address)
 ip address 192.168.1.1 255.255.255.0
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address
! PAT: translate all inside hosts to the outside interface address
nat (inside) 1 0 0
global (outside) 1 interface
access-list acl_out permit tcp 192.168.1.0 255.255.255.0 any eq www
access-group acl_out in interface inside
route outside 0.0.0.0 0.0.0.0
HTH
Narayan
09-13-2007 07:46 AM
Great Narayan - Now, how do I get that configuration, I'm using the GUI... I'm still learning my way around... Thanks!!
Oh - I have a static IP from my ISP.
Internet --> Cable Modem (basically a bridge) --> ASA 5505 --> PC (eventually a switch)
09-13-2007 08:10 AM
Even my firewall skills are a bit rusty.
I do not know how to use the ASDM or the GUI.
Is there any problem using the CLI anyway? :-)
Narayan
09-13-2007 08:12 AM
No, no issues at all using the CLI, I'm a vi CLI type guy!
If you're willing to spit out the commands I'll do it.
Oh, I did add the 0.0.0.0 0.0.0.0
The other things you mentioned PAT and access lists, are those things I should definitely add on?
Thanks!
10-09-2007 02:50 AM
Hi Kcaporaso,
Have you tried to configure ASA using dhcp on the outside interface?
setup:
Internet--> ADSL router (half bridge)-->ASA 5505--> PC
I have been working around it for a couple of days, but still no effect. I also realised a static route should be added. My question is whether it is possible to obtain the external IP directly from the ADSL router and have it present on the outside interface?
Here is the result of "sh route":
ciscoasa(config)# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 10.1.1.1 to network 0.0.0.0
C 127.1.0.0 255.255.0.0 is directly connected, _internal_loopback
C 192.168.1.0 255.255.255.0 is directly connected, inside
S* 0.0.0.0 0.0.0.0 [1/0] via 203.109.128.91, outside
Any comments or advice would be greatly appreciated~~~~~
10-09-2007 10:08 AM
Consider posting this as a new topic. I have 5 statics so I have not tried using DHCP on the external interface. I can tell ya that your Gateway of last resort looks a little odd. Mine is the default gateway of my ISP connection. I imagine it should look something like 203.109.128.x
Good luck!
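A sanity check for the kind of "sh route" output posted above, as an added example that is not part of the original thread: it parses the connected and static entries and reports when the default route's next hop is not on a connected network of its interface, or differs from the reported gateway of last resort. The function name check_routes and the embedded sample (the relevant lines copied from the post) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the "sh route" output posted above.
SAMPLE = """\
Gateway of last resort is 10.1.1.1 to network 0.0.0.0
C 127.1.0.0 255.255.0.0 is directly connected, _internal_loopback
C 192.168.1.0 255.255.255.0 is directly connected, inside
S* 0.0.0.0 0.0.0.0 [1/0] via 203.109.128.91, outside
"""

CONNECTED = re.compile(r"^C\s+(\S+)\s+(\S+) is directly connected, (\S+)$")
STATIC = re.compile(r"^S\*?\s+(\S+)\s+(\S+) \[\d+/\d+\] via (\S+), (\S+)$")
LAST_RESORT = re.compile(r"^Gateway of last resort is (\S+) to network")


def check_routes(text):
    """Return a list of findings about the default route in 'show route' text."""
    connected, defaults, last_resort = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if m := LAST_RESORT.match(line):
            last_resort = ipaddress.ip_address(m.group(1))
        elif m := CONNECTED.match(line):
            # Connected entries are "network netmask"; build a network object.
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            connected.append((net, m.group(3)))
        elif m := STATIC.match(line):
            # Only the default route (0.0.0.0 0.0.0.0) is examined here.
            if m.group(1) == "0.0.0.0" and m.group(2) == "0.0.0.0":
                defaults.append((ipaddress.ip_address(m.group(3)), m.group(4)))
    findings = []
    if not defaults:
        findings.append("no static default route (0.0.0.0 0.0.0.0) present")
    for hop, ifname in defaults:
        if last_resort is not None and hop != last_resort:
            findings.append(
                f"gateway of last resort {last_resort} differs from default next hop {hop}")
        # The next hop should sit inside a connected network on the same interface.
        if not any(hop in net and name == ifname for net, name in connected):
            findings.append(f"next hop {hop} is not on a connected network of '{ifname}'")
    return findings


if __name__ == "__main__":
    for finding in check_routes(SAMPLE):
        print(finding)
```

On the posted output both checks fire: no connected network is listed for the outside interface, so the static default route's next hop has nothing to resolve through.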
10-09-2007 06:15 PM
Hi Kcaporaso,
Thanks for your help.
Actually, I am wondering how to post a thread as well.
As I am new to this forum, I didn't get used to the submit-a-topic section yet.
Consider it as a silly question:)
Cheers
Anita