Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me

TOPIC: HowTo: Basic ASA 5505 configuration

Re: HowTo: Basic ASA 5505 configuration 10 years 6 months ago #32592

Nice guide with clear cut explanation. However, it didn't work for me.
Today I was playing with my ASA 5505 and above configuration could not allow ping to any host on outside interface. I debugged and found out that it was denying the returning ICMP reply.

then

www.cisco.com/en/US/products/hw/vpndevc/...186a0080094e8a.shtml

explained that by default any ICMP is denied by ASA unless configured by ACL or ICMP inspection in global inspection policy.

such minor things (for you veterans) give us a chance to dig dipper for newbie like me.

Please keep it up!!!!

nice job 10 years 6 months ago #32671

just wanted to say thank you for this write up. I purchased 4 5505's and spent 2 weeks trying to get them to work until I tried your post.

One thing I learned, don't depend on the ASDM for initial setup, do the CLI initially THEN you can play with ASDM.

Looking forward to your next installment.

Simply Superb!!! 10 years 4 months ago #33316

just wanted to say that i wasted around 3 weeks in searching for proper configuration steps.After reading your post it was really easy setting up the firewall.Thanks!!

Re: Fixed IP on ASA 5505 10 years 3 months ago #33678

Good step by step, however you glossed over the part I need. I want to have a fixed IP on the outside. If I have it set to DHCP everything is fine but when I switch to a fixed IP I can no longer get out of the firewall. I am assuming it is a DNS or Routing problem but I can't figure out what to fix.

I am new to firewalls and everything I know I learned by trial and error.

Thanks in advance for any help.


When you had DHCP set route on the outside, the default route is obtained from the DHCP server (ISP), thus you don't need to specify a static default route. However, when you have static IP on outside, you must specify a static default route:

route outside 0.0.0.0 0.0.0.0 [gatewayIP]

Re: HowTo: Basic ASA 5505 configuration 9 years 10 months ago #34976

Question 1: When setting up vlan 2 :

ExampleASA(config)# interface vlan 2
ExampleASA(config-if)# ip address 212.115.192.193 255.255.255.248
ExampleASA(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ExampleASA(config-if)# exit
ExampleASA(config)# route outside 0.0.0.0 0.0.0.0 212.115.192.192

Must the IP address be the next hop? My router ip address is 192.168.0.1 - so is this what I should use?

The route outside - what are the three parts of it? If I have a router with ip address 192.168.0.1 what ip address should I be using for route outside? are the three parts of route outside the hops? so should I have route ip and outside ip?

Question 2:
With global (outside) 10 interface and nat (inside) 10 192.168.1.0 255.255.255.0 does it matter if you use the number 10 or the number 1? Can you use any number? NAT inside should that be done by my firewall or my router, i.e. should the ip address be the router or firewall?

Re: HowTo: Basic ASA 5505 configuration 9 years 10 months ago #34978

I found this:

ip route 0.0.0.0 0.0.0.0 139.130.34.43 (Here we tell our router to create a default route where any packet -defined by the first 0.0.0.0- no matter what subnetmask -defined by the second 0.0.0.0- is to be sent to ip 139.130.34.43 which would be the router we are connecting to)

should I just change 139.130.34.43 to my router ip - 192.168.0.1 ?

I have noticed that on vlan2 the ip address is different to the route outside address
Time to create page: 0.128 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup