Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Inherited ASA 5505 confused about Config

Inherited ASA 5505 confused about Config 2 years 8 months ago #38501

  • dloj333
  • dloj333's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
Hi Everyone,
Thanks for the site it has helped and confused me more. :)

I inhereited an ASA 5505 in this new position I have and I found this site and followed the setup process.for Basic ASA 5505 configuration and it did not work. I could not access the outside (internet) that was a few months ago.

I got back to it the other day and still couldn't connect to the internet until I started playing around with outside and inside. When I set the computer I am using to access the console as dhcp I get out but the IP address of the computer is using my main network ip naming scheme rather than the ASA box naming scheme.

So I am confused I am attaching my running-config. Any help would be appreciated.

File Attachment:

File Name: Dan_runnin...nfig.txt
File Size:3 KB


Thanks in advance
The administrator has disabled public write access.

Inherited ASA 5505 confused about Config 2 years 8 months ago #38503

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Hi dloj333 and welcome to Firewall.cx.

In regards to your confusion on how to setup the ASA Firewall, it usually happens when we skip through sections or read too fast, missing critical points.

From your configuration, I see that VLAN 2 - Outside interface is set to DHCP and also has the 'setroute' parameter, which means you do not need the following incorrect default route:
route outside 0.0.0.0 0.0.0.0 192.168.17.57 1

As a next step, I'd highly advise you read through the following small sections on our ASA Firewall Startup guide

Create, Configure and Apply TCP/UDP Object-Groups
Configuration of Access-Lists for ICMP Packets to the Internet
Appling Firewall Access-Lists to ‘inside’ and ‘outside’ Interfaces


After configuring the above, you should have a working ASA Firewall and your LAN will have Internet access.

The biggest issue in your configuration was that you had incorrectly configured the default route.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.
The following user(s) said Thank You: dloj333

How to configure inherited ASA 5505 Firewall 2 years 8 months ago #38504

  • dloj333
  • dloj333's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
I will not be able to get back to this till Monday as I am on a sort of vacation, do IT guys ever get a vacation? :laugh:
Anyway thanks for the reply, I thought the route you pointed out was incorrect but was not sure how to get rid of it.

If you could point that out that would be great.

But if you the reading you suggested will inform me of that, good.

Thanks again, I am sure you will hear more from me as my learning progresses into the ASA 5505.

I have the ASA setup as a device on my network as I am learning it and am trying to build a vlan behind it. Once I am comfortable with it, it will become my main router/firewall and I hope to be able to build a couple of vlans with it.
The administrator has disabled public write access.

Inherited ASA 5505 confused about Config 2 years 8 months ago #38505

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Just append a 'no' and copy-paste the whole command while in priviledge-exec mode:
# config t
(config)# no route outside 0.0.0.0 0.0.0.0 192.168.17.57 1

That should do the trick!

Good luck!
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.

Inherited ASA 5505 confused about Config 2 years 8 months ago #38508

  • dloj333
  • dloj333's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
Thanks Chris,

Well that didn't seem to do the trick. So I started over with your basic ASA 5505 configuration sheet and here is my current show ru .

No though The ASA will not allow the command "global (outside) 1 interface" to go through.

Any suggestions?

Thanks in Advance
Attachments:
The administrator has disabled public write access.

Inherited ASA 5505 confused about Config 2 years 8 months ago #38509

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Hi dloj333,

If what you've posted is your actual configuration, then it seems like you've missed a few very important steps from our ASA Startup guide. A few very important steps I noticed with a quick look is that you haven't declared your INSIDE & OUTSIDE interfaces, not have you configured any access lists.

To save yourself time and trouble, I'd really advise you to go back to the article and read through it slowly and implement each section as you're reading it. The article has been written in a way that will allow the reader to configure their ASA firewall from the beginning of the article, without any problems.

Hope that helps.

Chris.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.092 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup