10-07-2010 08:45 PM - edited 03-11-2019 11:52 AM
Any help would be great......I have made several changes but can't seem to connect to the internet......
I am very new to the Cisco and ASA world....
Thanks for the help.
Here is my config file...
: Saved
:
ASA Version 8.0(5)
!
hostname asa
enable password m encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.5 255.255.255.0
management-only
!
boot system disk0:/asa805-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
pager lines 24
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (inside) 101 interface
global (outside) 1 111.111.111.11
nat (inside) 1 192.168.10.0 255.255.255.0
nat (inside) 101 0.0.0.0 0.0.0.0
nat (outside) 101 0.0.0.0 0.0.0.0 outside
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.6-192.168.1.254 management
!
dhcpd address 192.168.10.2-192.168.10.30 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username asa password v encrypted
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:6f11e3619456492d465bbbec26ff930d
: end
asdm image disk0:/asdm-631.bin
no asdm history enable
10-22-2010 04:06 PM
Nice,
I am glad that everything is working, would you please mark this issue as resolved?
Thanks!
Mike
10-07-2010 08:57 PM
Please remove the following as follows:
no global (inside) 101 interface
no global (outside) 1 111.111.111.11
no nat (inside) 1 192.168.10.0 255.255.255.0
no nat (outside) 101 0.0.0.0 0.0.0.0 outside
no route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
And add the following:
global (outside) 101 interface
After the above changes, please "clear xlate".
Please check the output of "show route" and make sure that you have a default gateway set by your ISP via the DHCP setroute command on the outside interface.
Hope that helps.
10-07-2010 09:09 PM
Thanks.....
Ok I made those changes.....
If I enter the show route I receive the following....
Gateway of last resort is not set
c 192.168.10.0 255.255.255.0 is directly connected, inside
c 192.168.1.0 255.255.255.0 is directly connected, management
10-07-2010 09:14 PM
OK, that means your outside interface doesn't seem to get the default gateway from your ISP.
How is the connection to the ISP? Is it supposed to be a DHCP-assigned address? Are you getting an IP address on the outside interface?
Please check "show interface" to see if you are getting an IP address on the outside interface.
If not, please try shut/unshut the interface:
interface Ethernet0/0
shut
no ip address
ip address dhcp setroute
no shut
And check the interface again and route.
10-07-2010 09:22 PM
My connection is.....
ISP provided dsl modem <-------> asa outside interface
asa inside interface <------------> internal switch
internal switch <--------------> office pc
DHCP is how my ISP-provided modem is currently set.......I can change it and will change it to whatever will make it work.
I made the changes as you suggested and received the following...
show route
Gateway of last resort is not set
C 192.168.10.0 255.255.255.0 is directly connected, inside
C 192.168.1.0 255.255.255.0 is directly connected, management
10-07-2010 09:44 PM
Hello,
Why don't you try and set a static route in the ASA pointing towards the DSL modem?
Regards
Raja
10-07-2010 09:54 PM
Can you post a : show inter ip brie
and debug dhcpc event
For the debug you must first add:
logging enable
logging buffered 1
Dan
10-08-2010 05:56 AM
show inter ip brie.......
Interface        IP-Address     OK?  Method  Status                 Protocol
Ethernet0/0      unassigned     YES  DHCP    up                     up
Ethernet0/1      192.168.10.1   YES  manual  up                     up
Ethernet0/2      unassigned     YES  unset   administratively down  down
Ethernet0/3      unassigned     YES  unset   administratively down  down
Management0/0    192.168.1.5    YES  CONFIG  up                     up
10-08-2010 06:05 AM
Do you know from what class you should receive the dynamic IP (the problem might be that you should receive an IP from 192.168.1 or 192.168.10), because the interface configuration is OK.
Do you have any logs like : Failed to apply IP address to
BTW enable your logging
Dan
10-08-2010 06:23 AM
dancicioiu wrote:
and debug dhcpc event
for the debug you must add first :
logging enable
logging buffered 1
Dan
can't seem to make this command work......
asa(config)# debug dhcpc event
^
ERROR: % Invalid input detected at '^' marker.
10-08-2010 06:24 AM
try :
debug dhcpc detail
10-08-2010 06:29 AM
asa(config)# debug dhcpc detail
debug dhcpc detail enabled at level 1
10-08-2010 06:34 AM
I'm starting to wonder if there isn't something configured/set up wrong within my ISP-provided modem.......
Currently I have done nothing differently with it.....except hook the asa into it.....
Should I change something within it?
I have contacted my ISP so I do have my static IP but I have not done anything with them......
Thanks for everyone's help!
10-08-2010 05:26 PM
If you received a static IP address from your ISP, you should just configure the static IP address on your ASA outside interface instead of DHCP.
Then you would also need to configure a default route on the ASA to point to your ISP IP address. Internet should work after that.
10-12-2010 02:18 PM
Sorry was a long holiday weekend......and I elected to take the entire weekend off.......
Back to work now.....
Here is my running config.......
Something still isn't quite right........
I have a feeling it has to do with my configuration of my route to point to my ISP IP address........
ASA Version 8.0(5)
!
hostname l
enable password l encrypted
passwd 2 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 111.111.111.11 255.255.255.252
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.5 255.255.255.0
management-only
!
boot system disk0:/asa805-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
pager lines 24
logging enable
logging buffered alerts
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.6-192.168.1.254 management
!
dhcpd address 192.168.10.2-192.168.10.30 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password vx8BkOWfWwvYuBKw encrypted
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:270ddeeb0289103b45bfa08f20419bba
: end
asdm image disk0:/asdm-631.bin
no asdm history enable
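An added illustration, not code from any poster in this thread: an offline check of the pre-8.3 nat/global syntax that reports the two conditions discussed above, a nat ID with no matching global on another interface and a default route whose next hop is the ASA's own address or lies outside the named interface's subnet. The name `lint_asa` is hypothetical, and the sample lines are excerpted from the first config posted.

```python
import ipaddress
import re

# Lines excerpted from the first running-config posted in this thread.
SAMPLE = """
interface Ethernet0/0
nameif outside
ip address dhcp setroute
interface Ethernet0/1
nameif inside
ip address 192.168.10.1 255.255.255.0
global (inside) 101 interface
global (outside) 1 111.111.111.11
nat (inside) 1 192.168.10.0 255.255.255.0
nat (inside) 101 0.0.0.0 0.0.0.0
nat (outside) 101 0.0.0.0 0.0.0.0 outside
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
"""

def lint_asa(config):
    """Hypothetical helper: flag unpaired nat IDs and bad default-route next hops."""
    ifaces, nats, globs, routes, name = {}, [], [], [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None  # nameif for this block not seen yet
        elif m := re.match(r"nameif (\S+)$", line):
            name = m.group(1)
            ifaces[name] = None  # no static address known (yet)
        elif (m := re.match(r"ip address (\d\S*) (\d\S*)", line)) and name:
            ifaces[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"(nat|global) \((\S+)\) (\d+) ", line):
            (nats if m.group(1) == "nat" else globs).append((m.group(2), int(m.group(3))))
        elif m := re.match(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            routes.append((m.group(1), ipaddress.ip_address(m.group(2))))
    findings = []
    for ifc, nat_id in nats:
        # nat 0 (identity NAT / NAT exemption) has no matching global statement
        if nat_id and not any(g == nat_id and gi != ifc for gi, g in globs):
            findings.append(f"nat ({ifc}) {nat_id}: no global {nat_id} on another interface")
    for ifc, gw in routes:
        own = [n for n, a in ifaces.items() if a and a.ip == gw]
        addr = ifaces.get(ifc)
        if own:
            findings.append(f"default route via {gw} is the ASA's own {own[0]} address")
        elif addr and gw not in addr.network:
            findings.append(f"default route via {gw} is not in the {ifc} subnet {addr.network}")
    return findings
if __name__ == "__main__":
    print("\n".join(lint_asa(SAMPLE)))
```

The subnet check only applies when the route's interface has a static address; with `ip address dhcp setroute` the default route is expected to come from the DHCP lease instead.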