
HELP ME! I am setting up ASA 5505 and need to use PAT w...

14 years 10 months ago #33220 by H4RR1S0N
Good evening,

I am learning new things all the time and the latest is the ASA5505. While much of it is similar to me because of the PIX experience I have had, I am feeling lost with how to set up PAT while leveraging the current internet connectivity I have. That said, I have FiOS using a Verizon router/firewall/WAP UltraLine Series 3, and the trouble I am facing is how to point my outside interface to enable dhcp. Please know that I have looked at so much online material and nothing is really helping - seems most of what I read is puked up from some manual someone mentally digested and does little to help me realize what must be done to make it work.

Below is my current config (not that it is complete):


ASA Version 7.2(2)
!
hostname ciscoasa
enable password sQvh3hkyyCxLCIlN encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address dhcp
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
!

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:ee407f3f87e22c444542a3a970496429
: end

I would appreciate any help you can give me, as I am certainly not an expert, but then that is why I want to learn ASA, so I can gain some expertise. Any advice you have would be great.

Thanks,

Harrison~
14 years 10 months ago #33221 by KiLLaBeE
This post ( www.firewall.cx/ftopict-7053-howto.html ) does a phenomenal job walking you through the process of setting up the ASA 5505 with PAT and Internet connectivity. I've used it about four times already and I'm successful every time with it.

I recommend clearing startup-config on your ASA and starting over when you go through that thread. If you're still unsuccessful, let us know and I can cross compare your running-config with mine. I'm not an ASA expert either, so I can't do that right now ;-).
14 years 10 months ago #33254 by r0nni3
I still need to expand that post >.< Just haven't really had the time lately =(

Currently working as Cisco Engineer at Neon-Networking.

Certifications:
CCNA - Have it
CCNA Security - Have it
CCSP - Almost!!!!
CCIE Security - Not so far away dream
14 years 10 months ago #33264 by S0lo

the trouble I am facing is how to point my outside interface to enable dhcp.


I understand that you want the outside interface to get an IP from a remote/outside DHCP server. Am I right?

If so, I can't seem to find a problem in your config. The line ip address dhcp should have done it. I even copy-pasted your config into a fresh ASA and the outside got an IP from my DHCP server immediately!! As shown:

ciscoasa#show interface vlan 2
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.451c.1b23, MTU 1500
IP address 192.168.0.162, subnet mask 255.255.255.0
Traffic Statistics for "outside":
.......
.......

Try to remove and add ip address dhcp again. Are you sure also that there is no firewall on the DHCP server or in between the ASA and the DHCP server?

r0nni3's post above is an excellent one for starters. I've previously recommended it to the fw.cx team and Chris liked it. So I second KiLLaBeE on having a look at it, H4RR1S0N.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
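
An offline sanity check for the two things this thread turns on, written as an added example (not from any poster and not Cisco tooling): that `nat (inside) 1` has a `global` with the same NAT ID, and that the interface named in `global (outside) 1 interface` has an `ip address` line such as `ip address dhcp`. The function names `parse` and `check_pat` are hypothetical, and the sample is constructed from the PAT-related lines of the config posted above.

```python
import re

# Constructed sample: the interface and PAT lines from the config posted above.
SAMPLE = """interface Vlan1
nameif inside
ip address dhcp
!
interface Vlan2
nameif outside
ip address dhcp
!
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
"""

def parse(config):
    """Collect nameif -> address mode, plus the global and nat statements."""
    ifaces, globals_, nats, cur = {}, [], [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            cur = {"nameif": None, "ip": None}
        elif line == "!":  # "!" closes the current interface block
            cur = None
        elif cur is not None and line.startswith("nameif "):
            cur["nameif"] = line.split()[1]
            ifaces[cur["nameif"]] = cur
        elif cur is not None and line.startswith("ip address "):
            cur["ip"] = line[len("ip address "):]
        elif m := re.match(r"global \((\S+)\) (\d+) (.+)", line):
            globals_.append(m.groups())
        elif m := re.match(r"nat \((\S+)\) (\d+) (\S+) (\S+)", line):
            nats.append(m.groups())
    return ifaces, globals_, nats

def check_pat(config):
    """Return findings for nat/global pairs that cannot produce working PAT."""
    ifaces, globals_, nats = parse(config)
    findings = []
    for src, nat_id, _net, _mask in nats:
        if nat_id == "0":  # nat 0 bypasses translation, so it has no global
            continue
        peers = [g for g in globals_ if g[1] == nat_id]
        if not peers:
            findings.append(f"nat ({src}) {nat_id}: no global with NAT ID {nat_id}")
        for dst, _, pool in peers:
            findings += [f"NAT ID {nat_id}: no interface named {n}"
                         for n in (src, dst) if n not in ifaces]
            if pool == "interface" and dst in ifaces and not ifaces[dst]["ip"]:
                findings.append(f"global ({dst}) {nat_id} interface: {dst} has no ip address")
    return findings
```

An empty list from `check_pat(SAMPLE)` agrees with S0lo's reading that the posted PAT and DHCP lines are consistent, which leaves the upstream DHCP server or a device in between as the place to look.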