Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA-5505 Problem

Hi! Fighting my ASA-5505 for a while now, still I can't get the inside users connected to the internet. My ADSL is an Routed-Subnet (Static IP, 4 IPS on a single line). When I connect a single PC directly to my modem port, the following IP settings are required: IP: 87.x.x.83, SubnetM: 255.255.255.248, Gatw: 87.x.x.81, DNS: 62.58.62.132 & 62.58.94.130. Works fine. Nevertheless, I can't get my network to work when the are connected trough the ASA-5505. Here's my setup. Can anyone please help?;

: Saved

:

ASA Version 7.2(4)

!

hostname ciscoasa

domain-name default.domain.invalid

enable password encrypted

passwd encrypted

names

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 87.x.x.84 255.255.255.248

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

ftp mode passive

dns server-group DefaultDNS

domain-name default.domain.invalid

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

pager lines 24

logging asdm informational

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-524.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd dns 62.58.62.132 62.58.94.130

dhcpd auto_config outside

!

dhcpd address 192.168.1.2-192.168.1.33 inside

dhcpd enable inside

!

dhcpd dns 62.58.62.132 62.58.94.130 interface outside

!

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:ce889e733fab16482b4dee3936a38a73

: end

asdm image disk0:/asdm-524.bin

no asdm history enable

8 REPLIES
Hall of Fame Super Blue

Re: ASA-5505 Problem

Try adding

route outside 0.0.0.0 0.0.0.0 87.x.x.81

Jon

New Member

Re: ASA-5505 Problem

Hi Jon,

Is that a NAT rule? I'm working with GUI interface instead of CLI. I have CLI setup in the meantime, but don't know any commands yet.. :( Thanks!

Hall of Fame Super Blue

Re: ASA-5505 Problem

No it's not a NAT rule. The ASA needs to know how to send packets to the Internet. Without adding the route the ASA does not know where to send the packets.

So you need to add the route above to tell the ASA to send Internet packets to the 87.x.x.81 address.

Jon

New Member

Re: ASA-5505 Problem

Hi Jon, thanks for your quick response...As mentioned, I'm using the GUI version. Can you please explain where this line should be added? Thanks again!

(Maybe it's an idea to start a online chat of remote control session?)

Hall of Fame Super Blue

Re: ASA-5505 Problem

Sorry, i'm not that familiar with ASDM but i have found this doc which shows how to add a static route with ASDM -

http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/routing.html#wp1102477

Jon

New Member

Re: ASA-5505 Problem

Oke Jon, is it possible to post some instruction on how to set this up trough CLI. It looks like I can connect using the CLI, consule. Do I have to set it in config mode first? Please help! :(

New Member

Re: ASA-5505 Problem

IT WORKS!!!! Thanks JON!

I entered CLI mode and added the rule mentioned earlier and...SUCCESS!!

Hall of Fame Super Blue

Re: ASA-5505 Problem

Glad you got it working :-)

Jon

133
Views
5
Helpful
8
Replies