Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Need Help for a Basic Configuration (PCs-ASA-Internet)

Need Help for a Basic Configuration (PCs-ASA-Internet) 8 years 1 month ago #27169

  • Oronar
  • Oronar's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
Hey !!

I need somebody help to configure my cisco 5505.
(Its very basic but its my first experience with a cisco equipemnt, isn't easy for me :s)


I will make this network configuration.

PCs <=================> ASA <========> Internet Access

PCs :192.168.1.0
ASA : E1.192.168.1.1
E0.10.1.17.253
Internet Access :10.1.17.254

PCs must for a first time have access to internet.

And my problem:
-PCs can't ping 10.1.17.253 (cant access to internet)
All interfaces are UP.
- I don't found my error :s


[code:1]ASA Version 8.0(2)
!
hostname xxx
enable password Cdskeelz9XsLsVvF encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 10.1.17.253 255.0.0.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
banner login #Attention ! Acces reserve au personnel du service informatique de la societe xxxx. Toutes activites sur ce systeme sont enregistrees. Toutes preuves d'activites non autorisees seront traitees par les autorites competentes. Toute intrusion sur un systeme informatique est interdit par les articles 323-1 a 323-7 du Code Penal.#
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone CET 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
access-list outside-access extended permit tcp any interface outside eq www
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 192.168.1.1 10.1.17.254 netmask 255.255.255.255
access-group outside-access in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.1.20-192.168.1.30 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
!
!
prompt hostname context
Cryptochecksum:4bf78909d47e5f7e1db9b940bd690f33
: end
[/code:1]



Any help would be VERY appreciated. Thanks.
The administrator has disabled public write access.

Re: Need Help for a Basic Configuration (PCs-ASA-Internet) 8 years 1 month ago #27170

  • Elohim
  • Elohim's Avatar
  • Offline
  • Senior Member
  • Posts: 220
  • Karma: 0
Your route is not correct. This statement is not correct:

route outside 0.0.0.0 0.0.0.0 192.168.1.1 1

point it to the correct default gateway and you should be good to go.
The administrator has disabled public write access.

Re: Need Help for a Basic Configuration (PCs-ASA-Internet) 8 years 1 month ago #27177

  • Oronar
  • Oronar's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
Thank for your reply :D

I have amend my route but my inside network can't ping with the outside.

thank you kindly
The administrator has disabled public write access.

Re: Need Help for a Basic Configuration (PCs-ASA-Internet) 8 years 1 month ago #27180

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
I'm definitely not an expert in ASAs, But backing on what Elohim suggested, I think you should do this:

route outside 0.0.0.0 0.0.0.0 10.1.17.254

If that doesn't work. Can you ping 10.1.17.254 from the ASA itself ?
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: Need Help for a Basic Configuration (PCs-ASA-Internet) 8 years 1 month ago #27181

  • Oronar
  • Oronar's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
From the ASA, i can ping 10.1.17.254

[code:1]ASA(config)# ping 10.1.17.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.17.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms[/code:1]

The router assign an address ip to PC.
PC acquire : adress and gateway

However, PC don't communicate with the Vlan 2
The administrator has disabled public write access.

Re: Need Help for a Basic Configuration (PCs-ASA-Internet) 8 years 1 month ago #27182

  • Elohim
  • Elohim's Avatar
  • Offline
  • Senior Member
  • Posts: 220
  • Karma: 0
get rid of this statement:

static (inside,outside) 192.168.1.1 10.1.17.254 netmask 255.255.255.255
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.093 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup