ASA 5505 to Internet (Part 2)

Joffroi85
Level 1

I've been trying to get an ASA 5505 configured correctly to let a laptop on one of the ports successfully browse the web. Afterwards, I'll set up AnyConnect, but that's another story. I previously had a thread where I had lots of help, but unfortunately the end results were still not successful. I decided to redo my config from scratch and have all my information compiled in hopes of getting more help with a simpler post.

Hopefully this is not an overwhelming amount of information. I'm just trying to figure out what I have set wrong. Thanks in advance for any help. It's greatly appreciated.

Background:

IT has provided me with a port with the following information

Static IP address: 99.66.167.69

Default Gateway: 99.66.167.70

Subnet Mask: 255.255.255.248

Primary DNS: A.A.A.A

Secondary DNS: B.B.B.B

I have ethernet going from the above port to the eth0/0 port of the ASA and then another ethernet going from eth0/1 to the laptop.  I have the console connection going to a desktop server that is connected to a completely different network (only available machine with console port).

Configuration of ASA:

ciscoasa# show run
: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 99.66.167.69 255.255.255.248
!
ftp mode passive
pager lines 24
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 99.66.167.70 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

Current Interface Settings

ciscoasa# show int ip br
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES unset  up                    up
Ethernet0/1                unassigned      YES unset  up                    up
Ethernet0/2                unassigned      YES unset  down                  down
Ethernet0/3                unassigned      YES unset  down                  down
Ethernet0/4                unassigned      YES unset  down                  down
Ethernet0/5                unassigned      YES unset  down                  down
Ethernet0/6                unassigned      YES unset  administratively down down
Ethernet0/7                unassigned      YES unset  administratively down down
Internal-Data0/0           unassigned      YES unset  up                    up
Internal-Data0/1           unassigned      YES unset  up                    up
Vlan1                      192.168.1.1     YES manual up                    up
Vlan2                      99.66.167.69    YES manual up                    up
Virtual0                   127.0.0.1       YES unset  up                    up

Laptop Settings:

C:\Users\user>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection 12:

    Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection* 28:

    Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection* 17:

   Connection-specific DNS Suffix  . :

   Link-local IPv6 Address . . . . . : fe80::41ae:ea9e:1bab:71e7%19

   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :

   Link-local IPv6 Address . . . . . : fe80::5095:d5d4:ce1d:8514%11

   IPv4 Address. . . . . . . . . . . : 192.168.1.3

   Subnet Mask . . . . . . . . . . . : 255.255.0.0

   Default Gateway . . . . . . . . . :

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{D6E5C2D0-8D75-4795-A613-944AF2C74691}:

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{4FF04642-E278-4F02-AA4C-20FF49FF3400}:

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

Ping Results

C:\Users\user>ping 4.2.2.2

Pinging 4.2.2.2 with 32 bytes of data:

PING: transmit failed. General failure.

PING: transmit failed. General failure.

PING: transmit failed. General failure.

PING: transmit failed. General failure.

Ping statistics for 4.2.2.2:

    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\user>ping 99.67.167.70

Pinging 99.67.167.70 with 32 bytes of data:

PING: transmit failed. General failure.

PING: transmit failed. General failure.

PING: transmit failed. General failure.

PING: transmit failed. General failure.

Ping statistics for 99.67.167.70:

    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\user>ping 99.67.167.69

Pinging 99.67.167.69 with 32 bytes of data:

PING: transmit failed. General failure.

PING: transmit failed. General failure.

PING: transmit failed. General failure.

PING: transmit failed. General failure.

Ping statistics for 99.67.167.69:

    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\user>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time=1ms TTL=255

Reply from 192.168.1.1: bytes=32 time=9ms TTL=255

Reply from 192.168.1.1: bytes=32 time<1ms TTL=255

Reply from 192.168.1.1: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.1.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 9ms, Average = 2ms

17 Replies

Yes that needs to be removed. Your original config was good. It was just your host IP that was wrong.

Sent from Cisco Technical Support iPhone App

Kind Regards, Kevin Sheahan, CCIE # 41349

So I gave my laptop the 8.8.8.8 DNS address, and it still didn't work. I went ahead and cleared the ARP table, and now it looks like everything is working perfectly. So far so good, and I can browse the web!

Thanks again for all the help and time you put into this. 

Hopefully when I try to set up AnyConnect later it will be smooth sailing.

No problem, happy to help. Feel free to use the forums for VPN help, there are a lot of people able and willing to help!

Sent from Cisco Technical Support iPhone App

Kind Regards, Kevin Sheahan, CCIE # 41349
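
A host-side sanity check for the settings posted in this thread, as an added example that is not part of the original posts: it reads the ASA's interface addresses from a `show run` excerpt and compares the laptop's IPv4 settings with the `inside` interface. The excerpt and host values are copied from the first post; the function and variable names are hypothetical.

```python
import ipaddress
import re

# Excerpts copied from the first post (ASA "show run" and laptop "ipconfig").
ASA_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 99.66.167.69 255.255.255.248
"""
HOST = {"ip": "192.168.1.3", "mask": "255.255.0.0", "gateway": ""}


def asa_interfaces(config):
    """Map nameif -> IPv4Interface for each '!'-separated interface stanza."""
    result = {}
    for stanza in re.split(r"^![ \t]*$", config, flags=re.M):
        name = re.search(r"^\s*nameif (\S+)", stanza, re.M)
        addr = re.search(r"^\s*ip address (\S+) (\S+)", stanza, re.M)
        if name and addr:
            result[name.group(1)] = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
    return result


def check_host(host, inside):
    """Return a list of findings for a host attached to the ASA 'inside' interface."""
    findings = []
    host_if = ipaddress.ip_interface(f"{host['ip']}/{host['mask']}")
    if host_if.ip not in inside.network:
        findings.append(f"host {host_if.ip} is outside {inside.network}")
    if host_if.network != inside.network:
        findings.append(f"mask mismatch: host {host_if.network}, ASA {inside.network}")
    if not host["gateway"]:
        findings.append(f"no default gateway; expected {inside.ip}")
    elif ipaddress.ip_address(host["gateway"]) != inside.ip:
        findings.append(f"gateway {host['gateway']} is not the ASA inside address {inside.ip}")
    return findings


if __name__ == "__main__":
    for finding in check_host(HOST, asa_interfaces(ASA_CONFIG)["inside"]):
        print(finding)
```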