Inherited ASA 5505 confused about Config

10 years 3 weeks ago #38501 by dloj333
Hi Everyone,
Thanks for the site it has helped and confused me more. :)

I inherited an ASA 5505 in this new position I have and I found this site and followed the setup process for Basic ASA 5505 configuration and it did not work. I could not access the outside (internet). That was a few months ago.

I got back to it the other day and still couldn't connect to the internet until I started playing around with outside and inside. When I set the computer I am using to access the console as dhcp I get out but the IP address of the computer is using my main network ip naming scheme rather than the ASA box naming scheme.

So I am confused. I am attaching my running-config. Any help would be appreciated.

File Attachment:

File Name: Dan_runnin...nfig.txt
File Size:3 KB


Thanks in advance
10 years 3 weeks ago #38503 by Chris
Hi dloj333 and welcome to Firewall.cx.

In regards to your confusion on how to setup the ASA Firewall, it usually happens when we skip through sections or read too fast, missing critical points.

From your configuration, I see that VLAN 2 - Outside interface is set to DHCP and also has the 'setroute' parameter, which means you do not need the following incorrect default route:
Code:
route outside 0.0.0.0 0.0.0.0 192.168.17.57 1

As a next step, I'd highly advise you read through the following small sections on our ASA Firewall Startup guide:

Create, Configure and Apply TCP/UDP Object-Groups
Configuration of Access-Lists for ICMP Packets to the Internet
Applying Firewall Access-Lists to ‘inside’ and ‘outside’ Interfaces


After configuring the above, you should have a working ASA Firewall and your LAN will have Internet access.

The biggest issue in your configuration was that you had incorrectly configured the default route.

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The following user(s) said Thank You: dloj333
10 years 3 weeks ago #38504 by dloj333
I will not be able to get back to this till Monday as I am on a sort of vacation, do IT guys ever get a vacation? :laugh:
Anyway thanks for the reply, I thought the route you pointed out was incorrect but was not sure how to get rid of it.

If you could point that out that would be great.

But if the reading you suggested will inform me of that, good.

Thanks again, I am sure you will hear more from me as my learning progresses into the ASA 5505.

I have the ASA setup as a device on my network as I am learning it and am trying to build a vlan behind it. Once I am comfortable with it, it will become my main router/firewall and I hope to be able to build a couple of vlans with it.
10 years 3 weeks ago #38505 by Chris
Just append a 'no' and copy-paste the whole command while in privilege-exec mode:
Code:
# config t
(config)# no route outside 0.0.0.0 0.0.0.0 192.168.17.57 1

That should do the trick!

Good luck!

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
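
Added example, not part of the original posts or of Firewall.cx's guide: a small Python check for the condition discussed in the two replies above, a static default route on an interface that already learns its default route through 'ip address dhcp setroute', which also prints the 'no' form used to remove it. The sample running-config is constructed for illustration (only the route line is taken from the thread), and the function names are hypothetical.

```python
import re
# Constructed sample in ASA 5505 running-config layout (not the poster's attachment).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
route outside 0.0.0.0 0.0.0.0 192.168.17.57 1
route inside 10.10.0.0 255.255.0.0 192.168.1.254 1
"""

# Matches 'route <nameif> 0.0.0.0 0.0.0.0 <gw>' and the '0 0' shorthand.
DEFAULT_ROUTE = re.compile(r"^route\s+(\S+)\s+(?:0\.0\.0\.0\s+0\.0\.0\.0|0\s+0)\s+(\S+)")

def setroute_interfaces(config):
    """Return the nameif of every interface using 'ip address dhcp setroute'."""
    found, nameif, setroute, in_block = set(), None, False, False
    for line in config.splitlines() + ["!"]:   # sentinel flushes the last block
        if in_block and line.startswith(" "):  # indented line inside an interface block
            words = line.split()
            if words[:1] == ["nameif"] and len(words) > 1:
                nameif = words[1]
            elif words == ["ip", "address", "dhcp", "setroute"]:
                setroute = True
            continue
        if in_block and nameif and setroute:   # block just ended, record it
            found.add(nameif)
        in_block = line.startswith("interface ")
        nameif, setroute = None, False
    return found

def conflicting_default_routes(config):
    """Return (nameif, gateway, removal command) for each redundant static default route."""
    dhcp_ifs = setroute_interfaces(config)
    matches = (DEFAULT_ROUTE.match(line) for line in config.splitlines())
    return [(m.group(1), m.group(2), "no " + m.string.strip())
            for m in matches if m and m.group(1) in dhcp_ifs]

if __name__ == "__main__":
    for nameif, gw, fix in conflicting_default_routes(SAMPLE_CONFIG):
        print(f"{nameif}: static default route via {gw} duplicates DHCP setroute; remove with: {fix}")
```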
10 years 1 week ago #38508 by dloj333
Thanks Chris,

Well, that didn't seem to do the trick. So I started over with your basic ASA 5505 configuration sheet and here is my current show ru.

Now though, the ASA will not allow the command "global (outside) 1 interface" to go through.

Any suggestions?

Thanks in Advance
10 years 1 week ago #38509 by Chris
Hi dloj333,

If what you've posted is your actual configuration, then it seems like you've missed a few very important steps from our ASA Startup guide. A few very important steps I noticed with a quick look are that you haven't declared your INSIDE & OUTSIDE interfaces, nor have you configured any access lists.

To save yourself time and trouble, I'd really advise you to go back to the article and read through it slowly and implement each section as you're reading it. The article has been written in a way that will allow the reader to configure their ASA firewall from the beginning of the article, without any problems.

Hope that helps.

Chris.

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx