ASA 5505 / DHCP, Static IP, and NAT help

Unanswered Question
Dec 9th, 2007

Greetings everyone!

I have an ASA 5505 and I'm having a couple of issues and I need some help with something.

First, I have a computer on the network that will not connect to the internet when I set the IP manually. If it connects to the ASA via DHCP, it works fine, but manually it fails. What can I do to fix this?

Also, this computer needs to have a few ports sent to it, to make it "open". I am using ASDM and have no clue how to get this to work. Any help would be great.

Thanks all!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
husycisco Mon, 12/10/2007 - 05:30

Hi Chris

First, let computer obtain IP from DHCP. Then Start>Run>Cmd>ipconfig /all . Note down the acquired IP address, gateway! subnetmask and DNS! addresses, and try assigning these values manually.

"Also, this computer needs to have a few ports sent to it, to make it "open". I am using ASDM and have no clue how to get this to work" please describe what you want to achieve, you want this internal IP to be reached from outside using a public IP (Port forwarding) ?


interknox Mon, 12/10/2007 - 05:55

Thanks for the response! I'll try doing the manual setup via your advise. Won't DHCP mess up though?

What I need are some ports to be NAT'd to the machine I'm talking about above. I have no clue how to do this on the command line, so I use ASDM. Any help would be apprecaited!!!

husycisco Mon, 12/10/2007 - 06:23

No DHCP wont mess up. But my personal advise is not using Cisco DHCP, since you can not make reservations. Now you can assign the IP address that you btained from DHCP manually, and can use it without any problem untill its lease expires.

Do you have a specific public IP to be one-to-one natted to internal client or you want to use the outside interface IP?

interknox Mon, 12/10/2007 - 06:29

I'd like to use the outside interface IP, as it's an ATT DSL line, without a static IP setup.

husycisco Mon, 12/10/2007 - 07:03

all you have to do is

static (inside,outside) tcp interface portnumber internalip portnumber netmask

access-list outside_access_in permit tcp any interface outside eq portnumber


husycisco Tue, 12/11/2007 - 01:41

Chris, any update?

Please do not forget to accept the comment as an answer which resolved your issue


interknox Tue, 12/11/2007 - 05:27

I'll try this later on today and let you know. Sorry for the delay.


This Discussion