cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
398
Views
5
Helpful
8
Replies

ASA-5505 Problem

Tim Roelands
Level 1
Level 1

Hi! Fighting my ASA-5505 for a while now, still I can't get the inside users connected to the internet. My ADSL is an Routed-Subnet (Static IP, 4 IPS on a single line). When I connect a single PC directly to my modem port, the following IP settings are required: IP: 87.x.x.83, SubnetM: 255.255.255.248, Gatw: 87.x.x.81, DNS: 62.58.62.132 & 62.58.94.130. Works fine. Nevertheless, I can't get my network to work when the are connected trough the ASA-5505. Here's my setup. Can anyone please help?;

: Saved

:

ASA Version 7.2(4)

!

hostname ciscoasa

domain-name default.domain.invalid

enable password encrypted

passwd encrypted

names

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 87.x.x.84 255.255.255.248

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

ftp mode passive

dns server-group DefaultDNS

domain-name default.domain.invalid

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

pager lines 24

logging asdm informational

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-524.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd dns 62.58.62.132 62.58.94.130

dhcpd auto_config outside

!

dhcpd address 192.168.1.2-192.168.1.33 inside

dhcpd enable inside

!

dhcpd dns 62.58.62.132 62.58.94.130 interface outside

!

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:ce889e733fab16482b4dee3936a38a73

: end

asdm image disk0:/asdm-524.bin

no asdm history enable

8 Replies 8

Jon Marshall
Hall of Fame
Hall of Fame

Try adding

route outside 0.0.0.0 0.0.0.0 87.x.x.81

Jon

Hi Jon,

Is that a NAT rule? I'm working with GUI interface instead of CLI. I have CLI setup in the meantime, but don't know any commands yet.. :( Thanks!

No it's not a NAT rule. The ASA needs to know how to send packets to the Internet. Without adding the route the ASA does not know where to send the packets.

So you need to add the route above to tell the ASA to send Internet packets to the 87.x.x.81 address.

Jon

Hi Jon, thanks for your quick response...As mentioned, I'm using the GUI version. Can you please explain where this line should be added? Thanks again!

(Maybe it's an idea to start a online chat of remote control session?)

Sorry, i'm not that familiar with ASDM but i have found this doc which shows how to add a static route with ASDM -

http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/routing.html#wp1102477

Jon

Oke Jon, is it possible to post some instruction on how to set this up trough CLI. It looks like I can connect using the CLI, consule. Do I have to set it in config mode first? Please help! :(

IT WORKS!!!! Thanks JON!

I entered CLI mode and added the rule mentioned earlier and...SUCCESS!!

Glad you got it working :-)

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco