Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Newbie setting up an ASA 5510

Hello guys.

I am stuck here. I have reviewed the Cisco docs and it has gotten me nowhere.

I have a very basic setup and have gotten as far as this.

setup E/0 (outside)as 66..x.x.x

setup E/0 (inside)as 10.1.3.1

What are my next steps? I just need to get this thing to allow traffic through to the internet.

Thanks, NP

1 REPLY

Re: Newbie setting up an ASA 5510

Hi,

I assumed you already define the security level for each interfaces (sec0 for outside, sec100 for inside) and changed the status to active/up (use "no shut").

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080636f42.html

1) Configure PAT (single IP) or a range of Public IP within the range assigned by your ISP to be used by internal hosts to access outside/internet.

PAT (single IP) can use either outside interface IP or single unassigned IP from the same subnet.

Example of PAT using outside interface IP:

global (outside) 1 interface

nat (inside) 1 10.1.3.0 255.255.255.0

Example of PAT using unassigned IP (same subnet with outside IP/Public IP assigned by ISP):

global (outside) 1 66.x.x.5

nat (inside) 1 10.1.3.0 255.255.255.0

OR if you have a range of IP, use:

global (outside) 1 66.x.x.5-66.x.x.20 netmask - based on actual netmask

nat (inside) 1 10.1.3.0 255.255.255.0

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008063b1fa.html#wp1042339

2) Make sure you have route statement to reach outside and inside interface.

Route to outside:

route outside 0.0.0.0 0.0.0.0.0 66.x.x.x.1 --> example if your internet router is .1

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a00806403ec.html

3) Optional - Additionally, apply ACL to control outbound traffic from internal hosts

ASA(config)# access-list INSIDE extended permit ip 10.1.3.0 255.255.255.0 any eq 53

ASA(config)# access-list INSIDE extended permit ip 10.1.3.0 255.255.255.0 any eq 80

ASA(config)# access-list INSIDE extended permit ip 10.1.3.0 255.255.255.0 any eq 8080

ASA(config)# access-group INSIDE in interface inside

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080637380.html

Rgds,

AK

93
Views
5
Helpful
1
Replies
CreatePlease to create content