Thanks for your reply,

Here's the present config

interface Vlan1

nameif inside

security-level 100

ip address 192.168.2.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

passwd xxx

ftp mode passive

pager lines 24

logging asdm informational

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-603.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 192.168.2.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

no crypto isakmp nat-traversal

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside

!

dhcpd address 192.168.2.2-192.168.2.254 inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:xxx

: end

asdm image disk0:/asdm-603.bin

no asdm history enable

Its reset to factory except for the inside ip.

1)I need to set with static ip at outside with ISP gateway

2)I need also static inside since it will be connected to a SBS 2003 server which acts as the DHCP for net network

3)I will also need to create vpn's with 3 other remote offices, also with static IP

4)Strange is at the 'Home' page of the ASDM, it shows outside interface down and most of the time, inside interface also. Could that be that 'missing' route?

5) I guess the only proper way to configure the baby's is via CLI, the Gui is not too helpfull

I've done this easily with Linksys RV042 at all places but the main office will have the ASA 5505. Should I also use the quick VPN to set them up? Or the 'manual' mode?

Thanks for your help

Paul, if you reset to factory default few things will happen. Inside interface IP address will be configured with IP you defined ,dhcpd is turned on for inside interface, and outside VLAN2 SVI interface will also be configured ip address dhcp setroute statement.

To change these things you need to remove these statememts and replace with statements of your choice.

You can start with the following:

Have handy the tools, static IP addresses you will be working with for your outside VLAN1 interface IP and your default route IP address which will be your ISP Ethernet IP address.

For sake of example lets assume 20.20.20.1/24 is the IP address for your VLAN 1 SVI interface and 20.20.20.254 is the ISP next hop router.

Lets start with your number 1 question, do all this connected to the console port, no telnet.

1-

asa(config)#interface Vlan2

asa(config)#no ip address dhcp setroute

asa(config)#ip address 20.20.20.1 255.255.255.0

asa(config)#exit

asa#

Ensure if ISP router interface is configured as auto/auto your ASA Ethernet0/0 is also auto which is by default, if ISP router is hard coded for Speed 100 and Duplex full , ASA Ethernet needs to be also hard coded to 100 full duplex with the speed 100 and duplex full commands under ETH0/0 interface.

asa(config)#interface Ethernet0/0

asa(config)#switchport access vlan 2

asa(config)#Description Connection to ISP_ROUTER

asa(config)#exit

asa#

define your default route

asa(config)#route outside 0.0.0.0 0.0.0.0 20.20.20.254 1

once you have this all configured , from ASA ping your default route, ping 20.20.20.254, if replies you're good.

2-

To change your inside IP address you need to remove dhcpd from inside interface, this will eliminate dhcp services from the inside interface.

asa(config)#no dhcpd address 192.168.2.2-192.168.2.254 inside

asa(config)#no dhcpd enable inside

Then configure your inside interface

asa(config)#interface vlan 1

asa(config)#ip address 192.168.2.1 255.255.255.0

asa(config)#Description Inside_Private_Net

asa(config)#exit

asa#

also, allow inside subnet telnet access to asa, you already have http

asa(config)#telnet 192.168.2.0 255.255.255.0

3-For L2L Ipsec tunnels configuration follow this link

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a87f7.shtml

4-Duno... we'll see the results once your resolved your 1st and 2nd questions.

5-Yes cli is good, you can use VPN wizard from ASDM, please follow the link above I provided you, the other side of the VPN tunnel can be anything as long it supports IPsec standards, just follow the example in the link and you should be ok creating the tunnel.

HTH

Rgds

Jorge

Rate any helpful post

Thanks for your help,

After playing around I finally got everything to work. Your help was excellent and really helped me understand the basics and also correlate the CLI with the ASDM

Now I will be on with the tunnels and try my way (or Cisco's way) around this part.

Thanks again

Paul

Thanks again. I'll let you know how it goes with the VPN's

I have also rated the post

Paul