Skip to main content

HowTo: Basic ASA 5505 configuration

More
15 years 1 week ago #32592 by surnj1
Nice guide with clear cut explanation. However, it didn't work for me.
Today I was playing with my ASA 5505 and above configuration could not allow ping to any host on outside interface. I debugged and found out that it was denying the returning ICMP reply.

then

www.cisco.com/en/US/products/hw/vpndevc/...186a0080094e8a.shtml

explained that by default any ICMP is denied by ASA unless configured by ACL or ICMP inspection in global inspection policy.

such minor things (for you veterans) give us a chance to dig dipper for newbie like me.

Please keep it up!!!!
More
15 years 6 days ago #32671 by toy4two
Replied by toy4two on topic nice job
just wanted to say thank you for this write up. I purchased 4 5505's and spent 2 weeks trying to get them to work until I tried your post.

One thing I learned, don't depend on the ASDM for initial setup, do the CLI initially THEN you can play with ASDM.

Looking forward to your next installment.
More
14 years 10 months ago #33316 by Girishj22
Replied by Girishj22 on topic Simply Superb!!!
just wanted to say that i wasted around 3 weeks in searching for proper configuration steps.After reading your post it was really easy setting up the firewall.Thanks!!
More
14 years 9 months ago #33678 by cisco-tips
Replied by cisco-tips on topic Re: Fixed IP on ASA 5505

Good step by step, however you glossed over the part I need. I want to have a fixed IP on the outside. If I have it set to DHCP everything is fine but when I switch to a fixed IP I can no longer get out of the firewall. I am assuming it is a DNS or Routing problem but I can't figure out what to fix.

I am new to firewalls and everything I know I learned by trial and error.

Thanks in advance for any help.


When you had DHCP set route on the outside, the default route is obtained from the DHCP server (ISP), thus you don't need to specify a static default route. However, when you have static IP on outside, you must specify a static default route:

route outside 0.0.0.0 0.0.0.0 [gatewayIP]
More
14 years 4 months ago #34976 by matoposb0y
Question 1: When setting up vlan 2 :

ExampleASA(config)# interface vlan 2
ExampleASA(config-if)# ip address 212.115.192.193 255.255.255.248
ExampleASA(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ExampleASA(config-if)# exit
ExampleASA(config)# route outside 0.0.0.0 0.0.0.0 212.115.192.192

Must the IP address be the next hop? My router ip address is 192.168.0.1 - so is this what I should use?

The route outside - what are the three parts of it? If I have a router with ip address 192.168.0.1 what ip address should I be using for route outside? are the three parts of route outside the hops? so should I have route ip and outside ip?

Question 2:
With global (outside) 10 interface and nat (inside) 10 192.168.1.0 255.255.255.0 does it matter if you use the number 10 or the number 1? Can you use any number? NAT inside should that be done by my firewall or my router, i.e. should the ip address be the router or firewall?
More
14 years 4 months ago #34978 by matoposb0y
I found this:

ip route 0.0.0.0 0.0.0.0 139.130.34.43 (Here we tell our router to create a default route where any packet -defined by the first 0.0.0.0- no matter what subnetmask -defined by the second 0.0.0.0- is to be sent to ip 139.130.34.43 which would be the router we are connecting to)

should I just change 139.130.34.43 to my router ip - 192.168.0.1 ?

I have noticed that on vlan2 the ip address is different to the route outside address
Time to create page: 0.143 seconds