cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
835
Views
0
Helpful
10
Replies

Help with Cisco ASA 5510 configuration cli

godwin osas
Level 1
Level 1

I am new to Cisco, I have asa 5510 router that I am trying to setup. I have no static IP from my ISP, I have a cable modem and Cisco 2950 switch with 5 computers.

What I am planning to do is to connect the cable modem to the Ethernet 0/0 to receive a dynamic IP from ISP. What I have done so far is this: nameif:  int e0/0  Outside. ip address dhcp setroute

I have configured dhcp server on the Inside interface e0/1 i.e 192.168.0.1 255.255.255.0 and this interface connect to the switch. I can ping the 192.168.0.1 from the PC that is connected to the switch, and other PC are also getting correct IP address via the switch.

I have 2 problem, I cannot connect to the Internet, and the second problem is that I cannot connect to asa router to manage it, I did enable http server on the Inside interface but I cannot get to the management interface using http://192.168.0.1 from the computers that is connected to the switch.

Any help will be appreciated. If you can provide me with a sample configuration that would be a great help. No need to refer me to other links, if you have a solution please post it here.

Thank you.

10 Replies 10

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi,

Are you able to ping the inside interface? If yes,configure ssh on it. You would need to generate the RSA key . Everything else is same as enabling http access.

That http you enabled is for ASDM access. You can download ASDM from cisco.com.

Steps to configure ASDM:

asdm image dosk0:/asdm645.bin     (if image name is asdm645.bin)

then:

http server enable

http 10.0.0.0 255.0.0.0 inside      (if your machine is in 10.0.0.0 subnet behind inside interface)

Go to the machine, open a browser and type in:

https://

it will open the GUI.

Regarding no internet access-

What do you see in logs?  Have you configured NAT?

What version of ASA are you running?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Thank you Kanwal for your reply. Yes I can ping the inside interface with no problem. No I have not configure the NAT yet, Idont know how to configure the NAT and default route.

Thank you so much for your help, I appreciate your time.

Hi,

You would need to NAT the traffic to our ISP assigned IP on outside interface to access internet.

What is the version you are running?

I can tell you the rule format then since the syntax differs in different versions.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Thank you Kanwal, I am away from the system right now, will post the version later. What will be the generic cli syntax for the NAT. note: I have no ISP static IP, I use dhcp for the Outside interface.to obtain IP from the ISP cable modem.. 

Thanks again for your time.

Hi,

You will have to first define object and then do:

nat (inside,outside) source dynamic interface, since interface is the keyword, whatever IP interface has, the inside ip's will be natted to it.

I know you have suggested against pasting links, but i guess you wouldn't mind this one:)

This is how nat looked in pre and post 8.3. So you can take a look and decide which one is useful for you.

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

Hope this helps!

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Thanks again for the response, 

I have check the configuration in the link but I am not sure which ip address belongs to the inside or outside and which ip address to use for the object.. in my case I guess I have to replace the outside ip address with the interfaceid i.e e0/0.

The sample from the link shows:


Pre-8.3 NAT
Regular Static NAT
static (inside,outside) 192.168.100.100 10.1.1.6 netmask 255.255.255.255 Following this example the outside IP will be 10.1.1.6 in my own case since I do not have a static ip I will need to replace with interface id e0/0


Also assuming my system is 8.3: would the obj-10.1.1.6 represent Inside interface or outside interface?

object network obj-10.1.1.6
host 10.1.1.6
nat (inside,outside) static 192.168.100.100


should the host be individual IP or the whole network. My internal network is 192.168.0.0 based on the ip in this example I am not sure which IP is the inside or outside interface.

Thank you.

yes 10.1.1.6 would be the inside. But you need dynamic so that all your ip's can nat to same interface IP.

So under object you would need to select range or subnet.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Would this work?

object network obj-192.168.0.0
host 192.168.0.0
nat (inside,outside) dynamic e0/0

My inside interface ip address is 192.168.0.1 " should the object ip and host be 192.168.0.0 or 192.168.0.1"

Thank you.

My software version is:

Cisco Adaptive Security Appliance Software Version 8.4(5)6
Device Manager Version 7.1(2)

Compiled on Thu 07-Feb-13 20:04 by builders
System image file is "disk0:/asa845-6-k8.bin"
Config file at boot was "startup-config"

ASA5510fw up 6 mins 4 secs

Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW016 @ 0xfff00000, 2048K

My inside interface ip address is 192.168.0.1 " should the object ip and host be 192.168.0.0 or 192.168.0.1"

I am getting error, when I enter this command:

ASA5510fw(config-network-object)# nat (Inside,Outside) dynamic e0/0
ERROR: Object e0/0 doesn't exist

Thank you.

Thank you for all your help, the network is now up and running. Was able to get to ASDM to complete the configuration. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: