
ASA5505 - Setting up a LAN to access Internet

Hi there,

I am new to the Networking and CISCO world, although I used to play around with iptables and Untangle firewalls. Unfortunately my laptop does not have a serial port, and until I get a USB-to-RS232 adapter I am going to use ASDM for the setup of my infrastructure. So basically I want to replace Untangle with my newly delivered ASA5505 to obtain the following fairly simple infrastructure:

VLAN1 - management (192.168.1.1)

VLAN2 - outside interface internet (x.x.x.x)

VLAN3 - lan (192.168.100.x)

First of all suffice to say that I am on the base licence. Can I make the lan (vlan3) connect to the internet? I have restricted flow from vlan3 to vlan1 to be able to use a third vlan, and hopefully connect it to the internet. For some reason, I am not able to reach the internet from vlan3 although I got a DHCP .100 address on the client and can connect to the others.

When I connect the laptop to the management interface, I have internet access.

The only static route I have is the default internet one. I am assuming all the other VLANs communicate with each other.

Can someone help me please?


ASA5505 - Setting up a LAN to access Internet

I'm assuming the Outside Interface is at Security Level 0 and the LAN interface is at Security Level 100.

If the LAN interface cannot get access to the Internet, make sure there is a dynamic PAT entry for the network.

The internal IP addresses will need to have a public IP associated with them to communicate to the internet, so like I said above, make sure there is a dynamic PAT entry. You can configure this with the ASDM.

If you have just a static route which goes to the next hop of your Outside interface, that is a good first step.

If you have multiple internal networks behind the LAN interface, you need to create a static map to point towards them.

Please let me know if you have any further questions.

Re: ASA5505 - Setting up a LAN to access Internet

Hello

On the outside interface (facing the internet) you can either:

1) Enable DHCP and use the set-route command to use the default gateway from the allocated IP range

     int vlan
     nameif outside
     ip address dhcp setroute

2) Apply a static IP address and set a default route to point to the next-hop IP of the ISP public IP

     int vlan
     nameif outside
     ip address X.X.X.X  Y.Y.Y.Y
     route outside 0 0  X.X.X.X  ( isp public next-hop ip)

Please don't forget to rate any posts that have been helpful.

Thanks.


Re: ASA5505 - Setting up a LAN to access Internet

Hi,

Yes, with the base license you can have up to 3 VLANs; however, the 3rd VLAN can only forward traffic in one direction.

From what you've described, it sounds like you could be missing NAT/PAT configuration. Make sure the VLAN 3 subnet is PATed on the internet-facing interface of the firewall, which is your outside interface in this case. Also, clients should have VLAN 3 as their default gateway. VLAN 3 should be able to reach the internet, however it won't be able to initiate connections out to clients in VLAN 1.

Rgds


ASA5505 - Setting up a LAN to access Internet

Thanks for the replies.

I needed to add a dynamic NAT entry similar to the default mgmt<-->internet one for the lan interface.
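
The fix described in this thread, written out as CLI configuration. This is an added example, not configuration posted by any participant. It assumes the interface names `lan` and `outside`, a /24 mask and a .1 gateway for the 192.168.100.x network, and a hypothetical object name `LAN-NET`.

```cisco
! Added example. Assumed: nameif "lan" on VLAN 3, nameif "outside" on VLAN 2,
! 192.168.100.0/24 with the ASA at .1 (mask and gateway are not stated in the thread).

interface Vlan3
 ! Base license: the third VLAN must be barred from initiating traffic
 ! to one other VLAN, and this line has to be entered before nameif.
 no forward interface Vlan1
 nameif lan
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
! ASA software 8.3 and later: object NAT, dynamic PAT to the outside interface IP.
! LAN-NET is a hypothetical object name.
object network LAN-NET
 subnet 192.168.100.0 255.255.255.0
 nat (lan,outside) dynamic interface
!
! ASA software 8.2 and earlier uses a nat/global pair that shares a NAT ID instead.
! If "global (outside) 1 interface" already exists for the management network,
! only the nat line for the lan interface is missing:
!   nat (lan) 1 192.168.100.0 255.255.255.0
!   global (outside) 1 interface
!
! Checks from privileged EXEC (source host, port and destination are constructed values):
!   packet-tracer input lan tcp 192.168.100.10 40000 198.51.100.10 80
!   show xlate
```

In the `packet-tracer` output the NAT phase should show the 192.168.100.x source translated to the outside interface address; a drop at that phase points to the missing PAT rule the replies describe.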
