Skip to main content

Need Help for a Basic Configuration (PCs-ASA-Internet)

More
16 years 3 months ago #27169 by Oronar
Hey !!

I need somebody help to configure my cisco 5505.
(Its very basic but its my first experience with a cisco equipemnt, isn't easy for me :s)


I will make this network configuration.

PCs <=================> ASA <========> Internet Access

PCs :192.168.1.0
ASA : E1.192.168.1.1
E0.10.1.17.253
Internet Access :10.1.17.254

PCs must for a first time have access to internet.

And my problem:
-PCs can't ping 10.1.17.253 (cant access to internet)
All interfaces are UP.
- I don't found my error :s


[code:1]ASA Version 8.0(2)
!
hostname xxx
enable password Cdskeelz9XsLsVvF encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 10.1.17.253 255.0.0.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
banner login #Attention ! Acces reserve au personnel du service informatique de la societe xxxx. Toutes activites sur ce systeme sont enregistrees. Toutes preuves d'activites non autorisees seront traitees par les autorites competentes. Toute intrusion sur un systeme informatique est interdit par les articles 323-1 a 323-7 du Code Penal.#
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone CET 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
access-list outside-access extended permit tcp any interface outside eq www
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 192.168.1.1 10.1.17.254 netmask 255.255.255.255
access-group outside-access in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.1.20-192.168.1.30 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
!
!
prompt hostname context
Cryptochecksum:4bf78909d47e5f7e1db9b940bd690f33
: end
[/code:1]



Any help would be VERY appreciated. Thanks.
More
16 years 3 months ago #27170 by Elohim
Your route is not correct. This statement is not correct:

route outside 0.0.0.0 0.0.0.0 192.168.1.1 1

point it to the correct default gateway and you should be good to go.
More
16 years 3 months ago #27177 by Oronar
Thank for your reply :D

I have amend my route but my inside network can't ping with the outside.

thank you kindly
More
16 years 3 months ago #27180 by S0lo
I'm definitely not an expert in ASAs, But backing on what Elohim suggested, I think you should do this:

route outside 0.0.0.0 0.0.0.0 10.1.17.254

If that doesn't work. Can you ping 10.1.17.254 from the ASA itself ?

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
More
16 years 3 months ago #27181 by Oronar
From the ASA, i can ping 10.1.17.254

[code:1]ASA(config)# ping 10.1.17.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.17.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms[/code:1]

The router assign an address ip to PC.
PC acquire : adress and gateway

However, PC don't communicate with the Vlan 2
More
16 years 3 months ago #27182 by Elohim
get rid of this statement:

static (inside,outside) 192.168.1.1 10.1.17.254 netmask 255.255.255.255
Time to create page: 0.132 seconds