I have Internet from a DSL connection from my ISP. Public IP from ISP is from a DHCP server after PPPOE dialing by the modem/router.
I have connected the LAN from modem / router (DHCP = 192.168.15.0 - 192.168.15.254) --> Ethernet 0/0 on ASA 5510 (with a static IP = 192.168.15.3).
Ethernet 0/1 and Management port on ASA 5510 is connected to a switch to which my computer is connected. I have no Internet.
Please note the ASA version I have is 7.0.8 which does not support PPPOE.
You have no internet from the computer, but do you have internet from the ASA itself?
You can confirm this by doing ''ping 126.96.36.199'' from the ASA itself. (188.8.131.52 is just a public IP)
If you have internet from the ASA, we just have to check the configuration on the ASA to allow internet from your computer.
If there's no internet from the ASA itself, you need to check your ISP connection.
I did ping 184.108.40.206 but could not from the ASDM but I have Internet on modem/router when I connect my computer directly. In fact the DHCP server of the modem/router shows ASA connected.
Is it that I need to give access to Ethernet 0/1 (inside network) to Ethernet 0/0 (outside network connected to modem/router). Both the ports are set at security level 0. In case this required how do I do that.
The E0/0 is the outside and should have security level 0
The E0/1 is the inside and should have security level 100
Then, you need to NAT.
nat (inside) 1 0 0
global (outside) 1 interface
With this basic configuration you should be able to browse from your computer (assuming your PC has a default gateway pointing to the ASA).
And assigning the correct IP addresses to the ASA.
Can you please explain the NAT policy specifically. I am enclosing a few screen shots of ASDM.
Ethernet 0/0 has a static IP address 192.168.10.3, subnet 255.255.255.0 and security level 0.
Ethernet 0/1 has DHCP enabled and security level 100.
Can you please explain the exact NAT configuration based on the screenshots.
I entered the commands for NAT as mentioned by you in the CLI.
After which I pinged 192.168.10.3 (static IP of Ethernet 0/0) and 192.168.10.1 (IP of my modem/router) from ASDM which was successful. However, I was not able to ping a public IP address 220.127.116.11 from the ASDM.
At the same time I tried to ping from the command prompt of my computer to 192.168.10.3 and 192.168.10.1 which failed.
Do you have a DHCP server configured on the "inside" network? the command "ip address dhcp setroute" implies Eth0/1 will get an IP address from a DHCP server.
Thanks and Regards,
I am using the ASDM to configure as I am not familiar with the CLI. I want to configure the ASA for VPN to another router.
I went to the CLI and typed "ip address dhcp setroute" but it gave error.
Regarding DHCP server on Ethernet 0/1:
1. In ASDM I went to Properties --> DHCP Server. It has a DHCP server enabled for the management port with DHCP pool starting from 192.168.1.1 to 192.168.1.254.
2. Here I tried to enable the DHCP server on Inside (Ethernet 0/1) however it gives an error saying Ethernet 0/1 is a client and can not be turned to a server.
3. In the above situation I went to interfaces to see if I could give a static IP to Ethernet 0/1 from the DHCP server of the Management Port. However, here ASDM shows the message the Ethernet 0/1 can not be in the same subnet (255.255.255.0) as of Management Port.
4. So currently Ethernet 0/1 is set to obtain IP from DHCP but I am not very sure from which DHCP server.
1) If you would like to enable a DHCP server on the Eth0/1 interface, it can not obtain an IP address using a DHCP server as well. Only one of those can be configured at a time. I owuld suggest giving a static IP to eth0/1.
2) 2 interfaces of an ASA can not be in the same subnet. So you will have to configure eth0/1 and Management interfaces in different subnets.
3) It is not possible for Eth0/1 interface of ASA to obtain an IP address using the DHCp server on Management interface.
I would usggest you to go to the interfaces section in ASDM and give eth0/1 an IP address in a different subnet as compared to Management interface. Following this, you should be able to configure a DHCP server on the Eth0/1 interface.
Let me know if this helps!!
I gave Ethernet 0/1 a static IP address 192.168.15.1 and subnet 255.255.255.0 (same as outside and management) and also a static IP address and subnet 255.255.255.192. But no help.
If I do not have a DHCP server on Ethernet 0/1 how can I give access to computers connected in the local network.
Even though I tried to enable a DHCP server on Ethernet 0/1 but the error message is the same that it is a client and only a server can have the access feature. (I had added Ethernet 0/1 in the list of ports that can ASDM under Device Administration --> ASDM HTTPS and disabled the mangement DHP server)
I appreciate your help. Can you let me know if you could take a look at the ASDM console. I can give you access through team viewer.