Skip to main content

Inherited ASA 5505 confused about Config

More
10 years 9 months ago #38501 by dloj333
Hi Everyone,
Thanks for the site it has helped and confused me more. :)

I inhereited an ASA 5505 in this new position I have and I found this site and followed the setup process.for Basic ASA 5505 configuration and it did not work. I could not access the outside (internet) that was a few months ago.

I got back to it the other day and still couldn't connect to the internet until I started playing around with outside and inside. When I set the computer I am using to access the console as dhcp I get out but the IP address of the computer is using my main network ip naming scheme rather than the ASA box naming scheme.

So I am confused I am attaching my running-config. Any help would be appreciated.

File Attachment:

File Name: Dan_runnin...nfig.txt
File Size:3 KB


Thanks in advance
Attachments:
More
10 years 8 months ago #38503 by Chris
Hi dloj333 and welcome to Firewall.cx.

In regards to your confusion on how to setup the ASA Firewall, it usually happens when we skip through sections or read too fast, missing critical points.

From your configuration, I see that VLAN 2 - Outside interface is set to DHCP and also has the 'setroute' parameter, which means you do not need the following incorrect default route:
Code:
route outside 0.0.0.0 0.0.0.0 192.168.17.57 1

As a next step, I'd highly advise you read through the following small sections on our ASA Firewall Startup guide

Create, Configure and Apply TCP/UDP Object-Groups
Configuration of Access-Lists for ICMP Packets to the Internet
Appling Firewall Access-Lists to ‘inside’ and ‘outside’ Interfaces


After configuring the above, you should have a working ASA Firewall and your LAN will have Internet access.

The biggest issue in your configuration was that you had incorrectly configured the default route.

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The following user(s) said Thank You: dloj333
More
10 years 8 months ago #38504 by dloj333
I will not be able to get back to this till Monday as I am on a sort of vacation, do IT guys ever get a vacation? :laugh:
Anyway thanks for the reply, I thought the route you pointed out was incorrect but was not sure how to get rid of it.

If you could point that out that would be great.

But if you the reading you suggested will inform me of that, good.

Thanks again, I am sure you will hear more from me as my learning progresses into the ASA 5505.

I have the ASA setup as a device on my network as I am learning it and am trying to build a vlan behind it. Once I am comfortable with it, it will become my main router/firewall and I hope to be able to build a couple of vlans with it.
More
10 years 8 months ago #38505 by Chris
Just append a 'no' and copy-paste the whole command while in priviledge-exec mode:
Code:
# config t (config)# no route outside 0.0.0.0 0.0.0.0 192.168.17.57 1

That should do the trick!

Good luck!

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
10 years 8 months ago #38508 by dloj333
Thanks Chris,

Well that didn't seem to do the trick. So I started over with your basic ASA 5505 configuration sheet and here is my current show ru .

No though The ASA will not allow the command "global (outside) 1 interface" to go through.

Any suggestions?

Thanks in Advance
Attachments:
More
10 years 8 months ago #38509 by Chris
Hi dloj333,

If what you've posted is your actual configuration, then it seems like you've missed a few very important steps from our ASA Startup guide. A few very important steps I noticed with a quick look is that you haven't declared your INSIDE & OUTSIDE interfaces, not have you configured any access lists.

To save yourself time and trouble, I'd really advise you to go back to the article and read through it slowly and implement each section as you're reading it. The article has been written in a way that will allow the reader to configure their ASA firewall from the beginning of the article, without any problems.

Hope that helps.

Chris.

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Time to create page: 0.142 seconds