I'm completely stymied with what should be a very simple, basic configuration of an ASA 5505.
I'm wanting to connect the ASA to a standard cable modem, provide the ASA with a single static IP address, provide DHCP services on the internal interface(s) and PAT from the internal network to the Internet. (Ultimately, I'm wanting to use the ASA as one half of a site-to-site VPN, but I need to tackle one hurdle at a time.)
When I connect the ASA to the cable modem with the default configuration where the ASA receives it's external IP via DHCP, everything works fine. But when I attempt to assign the static IP address to the external interface, clients on the internal network can no longer get out to the Internet. Thinking there may be a problem with the static IP configuration provided by the ISP, I connected a client directly to the cable modem and configured the client to the static IP settings. All worked fine, so it really seems like an ASA configuration issue.
I've got some experience with PIX firewalls (for small office firewall and remote access VPN services) and I figured that the ASA would be as simple to set up as the PIXs have been, but such has not been the case.
In examining the configs for the default that works and the static IP that doesn't, the only difference is the âip addressâ designation for the Vlan 2 interface. The default config specifies âdhcp setrouteâ, whereas the static IP config specifies the ISP-provided static IP address and subnet mask.
Worth noting, perhaps, is that with the static IP configuration, the line and link lights in the ASDM are green for both the internal and external interfaces, and the syslog shows that inbound filtering is occurring, but this error appears in the syslog, as well:
syslog 110002 failed to locate egress interface for UDP from outside:xx.xxx.xx.xx/68 to xxx.xxx.xxx.xx/67
Attached is the config file for the non-functional static IP configuration. Any suggestions would be most greatly appreciated.