Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
747
Views
0
Helpful
3
Replies

ASA 5510

prashantchandak7
Level 1
Level 1

‎11-12-2010 10:26 PM

I have a ASA 5510 ASA version 7.0.8 and ASDM 5.2. I am not familiar with the CLI and am using the ASDM.

I have connected the ASA 5510 as folllows:

DSL Modem/Router(DHCP Server : 192.168.10.x)------->ASA 5510 Ethernet 0/0(DHCP configured, security level 0, subnet 255.255.255.0)         

Ethernet 0/1 (Static IP 192.168.15.1,security level 100, subnet 255.255.255.0) and Management Port (DHCP Server : 192.168.1.x, security level 100, subnet 255.255.255.0)--------->Switch--------->PC

In the above scenario using the ASDM Ping I can ping 4.2.2.2, 192.168.15.1, 192.168.10.3 (Ethernet 0/0) but can not ping any using the command prompt. When connected using Ethernet 0/1 my computer shows limited connectivity and can not connect to the ASA. Please can you explain how should ethernet 0/1 be configured to establish connectivity with the ASA and then to have internet access. I tried to enable DHCP server to provide an IP to the computer on Ethernet 0/1 but the ASDM gives an error Ethernet 0/1 is a client and can not be a server.

After this I need to create a VPN between the ASA and a 3G router over IPSEC.    

Labels:
0 Helpful
3 Replies 3

Nicolas Fournier
Cisco Employee
Cisco Employee

‎11-16-2010 09:49 AM

Hi Prashant,

In your case, you should either put a static IP address on your host or enable DHCP server on your inside interface (E0/1).

Since you've put a static address on it, it shouldn't complain if you enable dhcp server on this interface.

Are you sure you used the correct pool when you tried to enable DHCP server on the E0/1?

Could you get me the exact error message that you have when you try to add the DHCP server on the inside?

Regards,

Nicolas

0 Helpful

prashantchandak7
Level 1
Level 1
In response to Nicolas Fournier

‎11-16-2010 12:07 PM

Hello Nicolas

Thank you for your reply I have got this working now but am stuck with configuring a IPSEC VPN between ASA 5510 and a 3G router.

I am not familiar with the CLI so I have used ASDM 5.2 on ASA 7.0.8 to configure a site to site VPN using VPN wizard but it has not worked.

I would appreciate if you could share information on how to configure the VPN between the 2 routers. 

3G router has a dynamic public IP. Can I configure a ddns in peer IP address in ASDM VPN wizard.

Regards

Prashant

0 Helpful

Nicolas Fournier
Cisco Employee
Cisco Employee
In response to prashantchandak7

‎11-16-2010 01:55 PM

Hi Prashant,

Unfortunately, there is no way to set a peer IP address on a static crypto map as a DNS name, the only options are the IP or the hostname of the peer as defined on the ASA through a name command.

To have your setup working, you'll have to configure your ASA as the device named "Lion" under the following link: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

You'll have to configure a dynamic crypto map and set the pre-shared key of the VPN under the DefaultL2LGroup tunnel-group.

The document just shows the CLI but I'm sure you'll be able to find the equivalent on ASDM.

Regards,

Nicolas

0 Helpful
Customers Also Viewed These Support Documents