cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
531
Views
0
Helpful
4
Replies

Setup ASA 5505

Tim Roelands
Level 1
Level 1

Hi All,

I relatively new to ASA5505 devices, but I try to understand the following: My ISP provides me with 4 static IP's in a so call routed subnet, so no NAT is available. I don't understand how to setup a internet connection for the inside network. Let me explain. My ADSL modem provides four utp connections all responsible for one external IP address. To connect to the internet I setup an Linksys device (RV042) connected to one port of my ADSL modem. To set it up I must configure a static WAN IP, a subnet and a (external and in the same range) gateway. Works fine!

I would like to setup Remote Access by VPN, using VPN client software, but I don''t understand how to configure my ASA5505 to connect the internal network (behind the ASA) with the external (internet). Do I have to use the RV042 linksys between, or can I connect my ASA directly to my ADSL modem? Is it possible to use my ASA when only routed subnet is available?

Using the Cisco ASDM utility I see it's possible to setup port '0' as an Outside port, connecting to an external network (internet), and it is possible to set it up for an static IP, but to connect it properly to my ADSL modem it needs an gateway IP aswell...what isn't possible... So I'm stuck in the mud now.... Any help is welcome!

4 Replies 4

netwalkr1
Level 1
Level 1

Hi Sir! I'll do my best to steer you in the right direction.

1) Yes, you can achieve your requirements with a single routed subnet from your service provider.

2) Start here>

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094768.shtml

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/usrguide.html

http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdmproc.html

HTH and Good luck!

Shaun

So, if understood correctly, I don't need the Linksys to setup a proper connection? The first URL looks promising, but I can't understand the setup. I never used my ASA in CLI mode.

Looks like they setup an external WAN IP on the outside port '0'. (image shows an x.266, I guess that's a mistake I should be x.226)..bit strange..My WAN IP is x.x.x.83 / 255.255.255.248. Any help?

Yes, it helps a bit.

Your outside interface will be x.x.x.8x with a subnetmask of 255.255.255.248. This interface will have a security level of 0 (untrusted). The inside interface will be your LAN subnet possibly your default gateway for the inside hosts. Example: 10.1.1.1 255.255.255.0. This inside interface should have a security level of 100(trusted). I'm sorry but, I don't use the ASDM so I will do my best to provide links with that information. Your outside interface will NAT all inside traffic to the outside interface IP address and you will need a default route to the service provider. Here is an example config (CLI).

interface Ethernet0/0

nameif Outside

security-level 0

ip address x.x.x.84 255.255.255.248

!

interface Ethernet0/1

nameif Inside

security-level 100

ip address 10.1.1.1 255.255.255.0

!

global (outside) 10 interface

nat (inside) 10 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 x.x.x.83

ASDM Help:

http://www.netcraftsmen.net/welcher/papers/asdm01.html

Thanks again netwalkr1. So the Linksys is out, the ASA is connected directly to my ADSL routed subnet modem? I'll let you know when I succeed... ;)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco