Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

New Firmware available for RV340 Series Router family! This includes the RV340, RV340W, RV345, and RV345P

To learn more and get the latest Firmware version click here.

Community Member

ASA 5505- Wrong Config

Hello there,

My ASA 5505 is killing me. (OR I should say The level of my knowledge is killing me)

Please refer to the capture.png for the configuration.

it was working but after a long power outage I don't have access to the internet.angelangel

============================

Internet provider: Verizon

Main Router Model: MI424WR

All devices connected to the Main Router (Router of Verizon) are working properly

I connected my ASA 5505 to the Main Router to have a test lab. The router assigned 192.168.1.19 to the ASA

I have a PC (192.168.20.36) which I used to connect to it through RDP from my office.

I erased everything and tried to reconfigure the ASA angrycrying.

from the main router interface I can see the ASA is enable but inactive (Refer to the Inactive.png)

When I check the connectivity of ASA in the interface it shows everything is fine.(Refer to the OK.png)

Now I do not have access to the internet

I can see the message below in my PC:

DHCP is not enabled for the "Local Area Connection".

my configuration

ASATest(config)# show run
: Saved
:
ASA Version 9.1(2)
!
hostname ASATest
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
ftp mode passive
object network PC
 host 192.168.20.36
access-list INSIDE-NAT0 extended permit ip 192.168.20.0 255.255.255.0 any
access-list outside_in remark Allow RDP
access-list outside_in extended permit tcp any object PC eq 3389
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network PC
 nat (inside,outside) static interface service tcp 3389 3389
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd dns 192.168.20.2
!
dhcpd address 192.168.20.5-192.168.20.36 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:84ce67e8e61dc20c02b10568edc77c99
: end

 

Please Advise

Everyone's tags (1)
1 REPLY
Community Member

Any Idea?

Any Idea?

155
Views
0
Helpful
1
Replies
CreatePlease to create content