
ASA 5505 and Linksys WRT610N ver2

14 years 9 months ago #33761 by matoposb0y
Hello everyone, I am a newbie and I am having a problem setting up a network and would appreciate any help that you may be able to offer.

I initially set up my broadband connection into the ASA ethernet0/0 and my router to ethernet0/1. All computers connect to the router, then the ASA, then the internet. It was all working fine when I decided to set up VPN and it all fell down and now nothing works, not even the internet. I have disconnected the ASA and now have the internet go directly to the router, which works fine. I have reloaded the default configuration on the ASA via the command prompt using the tutorial from this site and it still won't work.

This is the first error I got:
myasa(config-if)# ip address dhcp setroute
ERROR: Failed to apply IP address to interface Vlan2, as the network overlaps with interface Vlan1. Two interfaces cannot be in the same subnet.

My Linksys router has an IP addy of 192.168.1.1 and so does my ASA; could this be the problem? I changed the Linksys to 192.168.1.2 but it did not help.

I also tried to configure the ASA with a static IP address, but that did not work either.

Does anybody have any ideas on how I could set this up, or what I am doing wrong? Any help or reference to relevant literature would be greatly appreciated.

Thanking you in advance - Matoposboy
14 years 9 months ago #33797 by sys-halt
Hey matoposb0y, normally routers are thrown at the perimeter of your network to route; we usually connect the Internet connection to the router to provide the routing, and we put the firewall behind our router to implement our rules for filtering.

Of course, if you reset your ASA it will not work properly until you reconfigure it from scratch.

I am not aware of your configuration on the ASA, but it sounds from the error message that you implemented two VLANs and you are trying to assign them addresses from the same IP subnet. Try using a different IP address scheme on one of the VLANs you are trying to create.

Good luck,
14 years 5 months ago #34977 by matoposb0y
Thanks for your replies. Please can someone answer the following questions which I am very confused about:

Question 1: When setting up vlan 2 :

ExampleASA(config)# interface vlan 2
ExampleASA(config-if)# ip address 212.115.192.193 255.255.255.248
ExampleASA(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ExampleASA(config-if)# exit
ExampleASA(config)# route outside 0.0.0.0 0.0.0.0 212.115.192.192

Must the IP address be the next hop? My router IP address is 192.168.0.1 - so is this what I should use?

The route outside - what are the three parts of it? If I have a router with IP address 192.168.0.1, what IP address should I be using for route outside? Are the three parts of route outside the hops? So should I have route IP and outside IP?

Question 2:
With global (outside) 10 interface and nat (inside) 10 192.168.1.0 255.255.255.0, does it matter if you use the number 10 or the number 1? Can you use any number? NAT inside: should that be done by my firewall or my router, i.e. should the IP address be the router or firewall?
14 years 5 months ago #34979 by matoposb0y
Here is my config:

ASA Version 8.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.36 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
!
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
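
An offline check for the addressing problems raised in this thread, added here as an example and not written by any of the posters. It parses ASA 8.2-style lines and flags interface subnets that overlap (the Vlan1/Vlan2 error in the first post), a nat ID with no global of the same ID, and a route whose gateway is the firewall's own address or lies outside that interface's subnet. The function name audit and the POSTED sample (lines copied from the config above) are assumptions of the example.

```python
import ipaddress
import itertools
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Constructed sample: the interface, NAT and route lines from the config posted above.
POSTED = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 nameif outside
 ip address 192.168.0.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
"""

def audit(config):
    """Return findings for static addressing, NAT IDs and routes (ASA 8.2 syntax)."""
    ifaces, name, global_ids, findings = {}, None, set(), []
    lines = [l.strip() for l in config.splitlines()]
    for line in lines:  # pass 1: collect interface addresses and global pool IDs
        if line.startswith("interface "):
            name = None
        elif m := re.match(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(rf"ip address {IP} {IP}", line)) and name:
            ifaces[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"global \(\S+\) (\d+) ", line):
            global_ids.add(m.group(1))
    # The ASA refuses two interfaces in one subnet (the error quoted in the first post).
    for (a, x), (b, y) in itertools.combinations(ifaces.items(), 2):
        if x.network.overlaps(y.network):
            findings.append(f"overlap: {a} {x.network} and {b} {y.network}")
    for line in lines:  # pass 2: check nat and route lines against what was collected
        if (m := re.match(r"nat \(\S+\) (\d+) ", line)) and m.group(1) != "0":
            if m.group(1) not in global_ids:  # nat N pairs with global N; 0 is exempt
                findings.append(f"nat id {m.group(1)} has no matching global")
        elif (m := re.match(rf"route (\S+) {IP} {IP} {IP}", line)) and m.group(1) in ifaces:
            iface, gw = ifaces[m.group(1)], ipaddress.ip_address(m.group(4))
            if gw == iface.ip:  # next hop must be a neighbour, not the ASA itself
                findings.append(f"route gateway {gw} is the ASA's own {m.group(1)} address")
            elif gw not in iface.network:
                findings.append(f"route gateway {gw} is not on {iface.network}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
```

Interfaces addressed with ip address dhcp are skipped, since their subnet is only known once a lease arrives.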
14 years 5 months ago #34984 by matoposb0y
I FIXED IT! WHOOOHOOO!

Now I need to know how to access the printer which is behind the firewall from a computer that connects wirelessly to the router, then the firewall and then the printer - any ideas?