minimum config to bring up int

Nov 7th, 2007

Good Day,

I have a brand new ASA 5510 and started with the default configuration. (I'm pretty new to this)

The fundamental problem that I am facing is that I cannot get any interface other than management to come up after configuring with an IP, security level, name and the "no shut" command.

The interface is configured for auto speed/dup and physical links are good.

I applied a "permit any any" acl both in and out on the inside and outside, set security level of all interfaces to match and allowed traffic between them, and to the best of my knowledge established static nat between the inside interface IP and an IP on the same subnet as the outside interface.

At this point I'm not concerned with passing traffic, I'm just wondering what is the minimum configuration necessary to get an interface from down to up.

Any pointers greatly appreciated.

JORGE RODRIGUEZ Wed, 11/07/2007 - 12:15

Bill, it is assumed you have the inside and outside interfaces connected to some sort of devices, like an internal switch for your inside interface and an external switch for the outside interface. Is this the case? When you do "show interface", the interface will show "down" until it is connected to something.



ihouse205 Wed, 11/07/2007 - 12:32

Yes, both inside and outside are connected. Inside to a laptop, outside to a switch.

JORGE RODRIGUEZ Wed, 11/07/2007 - 12:38

I think you may need a crossover cable if connecting directly from the laptop to the ASA. Is the "inside" interface the one that shows "down"?

ihouse205 Wed, 11/07/2007 - 12:47

According to the configuration guide, as long as the speed and duplex are set for auto, mdi/mdx will be auto as well. That said, I have tried both crossover and straight through on both inside and out and both remain down.

JORGE RODRIGUEZ Wed, 11/07/2007 - 13:14

Hmmm, strange. Can you hardcode both ends for speed and duplex for the sake of troubleshooting, and see if the interfaces do come up? Hardcode both ends, including the laptop.

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address x.x.x.x
 speed 100
 duplex full
 no shutdown

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address x.x.x.x
 speed 100
 duplex full
 no shutdown

