- Posts: 4
- Thank you received: 0
Need Help for a Basic Configuration (PCs-ASA-Internet)
16 years 3 months ago #27169
by Oronar
Need Help for a Basic Configuration (PCs-ASA-Internet) was created by Oronar
Hey !!
I need somebody help to configure my cisco 5505.
(Its very basic but its my first experience with a cisco equipemnt, isn't easy for me )
I will make this network configuration.
PCs <=================> ASA <========> Internet Access
PCs :192.168.1.0
ASA : E1.192.168.1.1
E0.10.1.17.253
Internet Access :10.1.17.254
PCs must for a first time have access to internet.
And my problem:
-PCs can't ping 10.1.17.253 (cant access to internet)
All interfaces are UP.
- I don't found my error
[code:1]ASA Version 8.0(2)
!
hostname xxx
enable password Cdskeelz9XsLsVvF encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 10.1.17.253 255.0.0.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
banner login #Attention ! Acces reserve au personnel du service informatique de la societe xxxx. Toutes activites sur ce systeme sont enregistrees. Toutes preuves d'activites non autorisees seront traitees par les autorites competentes. Toute intrusion sur un systeme informatique est interdit par les articles 323-1 a 323-7 du Code Penal.#
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone CET 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
access-list outside-access extended permit tcp any interface outside eq www
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 192.168.1.1 10.1.17.254 netmask 255.255.255.255
access-group outside-access in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.1.20-192.168.1.30 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
!
!
prompt hostname context
Cryptochecksum:4bf78909d47e5f7e1db9b940bd690f33
: end
[/code:1]
Any help would be VERY appreciated. Thanks.
I need somebody help to configure my cisco 5505.
(Its very basic but its my first experience with a cisco equipemnt, isn't easy for me )
I will make this network configuration.
PCs <=================> ASA <========> Internet Access
PCs :192.168.1.0
ASA : E1.192.168.1.1
E0.10.1.17.253
Internet Access :10.1.17.254
PCs must for a first time have access to internet.
And my problem:
-PCs can't ping 10.1.17.253 (cant access to internet)
All interfaces are UP.
- I don't found my error
[code:1]ASA Version 8.0(2)
!
hostname xxx
enable password Cdskeelz9XsLsVvF encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 10.1.17.253 255.0.0.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
banner login #Attention ! Acces reserve au personnel du service informatique de la societe xxxx. Toutes activites sur ce systeme sont enregistrees. Toutes preuves d'activites non autorisees seront traitees par les autorites competentes. Toute intrusion sur un systeme informatique est interdit par les articles 323-1 a 323-7 du Code Penal.#
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone CET 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
access-list outside-access extended permit tcp any interface outside eq www
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 192.168.1.1 10.1.17.254 netmask 255.255.255.255
access-group outside-access in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.1.20-192.168.1.30 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
!
!
prompt hostname context
Cryptochecksum:4bf78909d47e5f7e1db9b940bd690f33
: end
[/code:1]
Any help would be VERY appreciated. Thanks.
16 years 3 months ago #27170
by Elohim
Replied by Elohim on topic Re: Need Help for a Basic Configuration (PCs-ASA-Internet)
Your route is not correct. This statement is not correct:
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
point it to the correct default gateway and you should be good to go.
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
point it to the correct default gateway and you should be good to go.
16 years 3 months ago #27177
by Oronar
Replied by Oronar on topic Re: Need Help for a Basic Configuration (PCs-ASA-Internet)
Thank for your reply
I have amend my route but my inside network can't ping with the outside.
thank you kindly
I have amend my route but my inside network can't ping with the outside.
thank you kindly
16 years 3 months ago #27180
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: Need Help for a Basic Configuration (PCs-ASA-Internet)
I'm definitely not an expert in ASAs, But backing on what Elohim suggested, I think you should do this:
route outside 0.0.0.0 0.0.0.0 10.1.17.254
If that doesn't work. Can you ping 10.1.17.254 from the ASA itself ?
route outside 0.0.0.0 0.0.0.0 10.1.17.254
If that doesn't work. Can you ping 10.1.17.254 from the ASA itself ?
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
16 years 3 months ago #27181
by Oronar
Replied by Oronar on topic Re: Need Help for a Basic Configuration (PCs-ASA-Internet)
From the ASA, i can ping 10.1.17.254
[code:1]ASA(config)# ping 10.1.17.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.17.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms[/code:1]
The router assign an address ip to PC.
PC acquire : adress and gateway
However, PC don't communicate with the Vlan 2
[code:1]ASA(config)# ping 10.1.17.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.17.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms[/code:1]
The router assign an address ip to PC.
PC acquire : adress and gateway
However, PC don't communicate with the Vlan 2
Time to create page: 0.132 seconds