I have the outside interface set up for DHCP that connects to Comcast.
My inside interface is 192.168.69.1 and is set up to provide DHCP for my internal LAN.
I have never logged into a firewall before and as I quickly found out the commands are not like my routers and switches.
I finally gave in and have been using the ASDM. I just want to allow everything from the inside out. I didn't think it would be this difficult!
The access rules don't make sense to me. The outside in has an implicit deny rule for IP by default. I would assume this means that nothing can make a connection from the outside in? So why does it block my ping replies but it will allow me to surf the web?
I have a work laptop that won't connect to a VPN through the ASA, the logs say "regular translation creation failed for protocol 50"
I have enabled as much as I can and still can't figure this out. At this point I'm not even sure if I'm blocking anything... heh. Well, it must be blocking something because my VPN still doesn't work.
ASA Version 7.2(3)
enable password xxx
ip address 192.168.69.1 255.255.255.0
ip address dhcp setroute
ip address 192.168.70.1 255.255.255.0
switchport access vlan 2
ftp mode passive
dns server-group DefaultDNS
same-security-traffic permit intra-interface
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit esp any any
access-list outside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit esp any any
access-list inside_access_in extended permit icmp any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 norandomseq
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.69.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.69.100-192.168.69.150 inside
dhcpd domain mydomain.net interface inside
dhcpd update dns both override interface inside
dhcpd enable inside
prompt hostname context
Basically, is there an easy way to allow everything out and block anything on the inside from creating a connection inside?
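An added example (written here for illustration, not the poster's running config) of the policy the post asks for on ASA 7.2: permit inside hosts to initiate outbound, let the stateful connection table admit the replies, and leave the outside interface with nothing but the implicit deny. It also covers the two symptoms in the post. ICMP is stateless, so echo replies to inside pings are dropped unless the ASA tracks them with `inspect icmp`. ESP (IP protocol 50) has no port numbers, so dynamic PAT to the outside interface address cannot build a translation for it, which is exactly the "regular translation creation failed for protocol 50" message; `inspect ipsec-pass-thru` lets the ASA pass the ESP that belongs to an established IKE (UDP 500) exchange through the PAT, and enabling NAT-T (UDP 4500) on the VPN client side works as well. The `policy-map global_policy` and `class inspection_default` names are the ASA's factory defaults and are assumed to exist on this box; the inside subnet is taken from the post.

```cisco
! Added example, not the poster's running config. Assumes inside = 192.168.69.0/24
! and the factory-default global_policy / inspection_default objects.

! Inside ACL: anything sourced from the LAN may initiate outbound.
! ("in" on the inside interface means traffic entering the ASA from the LAN.)
access-list inside_access_in extended permit ip 192.168.69.0 255.255.255.0 any
access-group inside_access_in in interface inside

! Outside: unbind and delete the permit-any ACL from the post. With no ACL bound,
! the implicit deny blocks every new connection from the Internet. Replies to
! connections that inside hosts opened are matched in the connection table and
! allowed back without any permit on the outside interface.
no access-group outside_access_in in interface outside
no access-list outside_access_in extended permit ip any any
no access-list outside_access_in extended permit esp any any
no access-list outside_access_in extended permit icmp any any

! Dynamic PAT for everything leaving toward the Internet, as in the post but
! without norandomseq so the ASA keeps randomizing TCP initial sequence numbers.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

! Inspection: make ICMP stateful so echo replies come back, and let the ESP
! that belongs to an IKE negotiation through the PAT.
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect ipsec-pass-thru
service-policy global_policy global
```

After applying this, `show conn` on the ASA should list the inside host's outbound sessions (including the UDP 500 flow for the VPN), and `show xlate` the PAT entries built for them; a VPN client that still fails after this usually needs NAT-T turned on at its end.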