ASA 5505 / DHCP, Static IP, and NAT help

Unanswered Question
Dec 9th, 2007
User Badges:

Greetings everyone!


I have an ASA 5505 and I'm having a couple of issues and I need some help with something.


First, I have a computer on the network that will not connect to the internet when I set the IP manually. If it connects to the ASA via DHCP, it works fine, but manually it fails. What can I do to fix this?


Also, this computer needs to have a few ports sent to it, to make it "open". I am using ASDM and have no clue how to get this to work. Any help would be great.


Thanks all!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
husycisco Mon, 12/10/2007 - 05:30
User Badges:
  • Gold, 750 points or more

Hi Chris

First, let computer obtain IP from DHCP. Then Start>Run>Cmd>ipconfig /all . Note down the acquired IP address, gateway! subnetmask and DNS! addresses, and try assigning these values manually.

"Also, this computer needs to have a few ports sent to it, to make it "open". I am using ASDM and have no clue how to get this to work" please describe what you want to achieve, you want this internal IP to be reached from outside using a public IP (Port forwarding) ?


Regards

interknox Mon, 12/10/2007 - 05:55
User Badges:

Thanks for the response! I'll try doing the manual setup via your advise. Won't DHCP mess up though?


What I need are some ports to be NAT'd to the machine I'm talking about above. I have no clue how to do this on the command line, so I use ASDM. Any help would be apprecaited!!!

husycisco Mon, 12/10/2007 - 06:23
User Badges:
  • Gold, 750 points or more

No DHCP wont mess up. But my personal advise is not using Cisco DHCP, since you can not make reservations. Now you can assign the IP address that you btained from DHCP manually, and can use it without any problem untill its lease expires.


Do you have a specific public IP to be one-to-one natted to internal client or you want to use the outside interface IP?

interknox Mon, 12/10/2007 - 06:29
User Badges:

I'd like to use the outside interface IP, as it's an ATT DSL line, without a static IP setup.

husycisco Mon, 12/10/2007 - 07:03
User Badges:
  • Gold, 750 points or more

all you have to do is


static (inside,outside) tcp interface portnumber internalip portnumber netmask 255.255.255.255

access-list outside_access_in permit tcp any interface outside eq portnumber


Regards

husycisco Tue, 12/11/2007 - 01:41
User Badges:
  • Gold, 750 points or more

Chris, any update?


Please do not forget to accept the comment as an answer which resolved your issue


Regards

interknox Tue, 12/11/2007 - 05:27
User Badges:

I'll try this later on today and let you know. Sorry for the delay.

Actions

This Discussion