ASA 5510 Basic Config

Status
Not open for further replies.

m3the01

Technical User
Feb 21, 2002
41
CA
So been out of the game for nearly 8 years, primarily a programmer now.

Trying to help a buddy's company out configuring an ASA 5510.

What I'm trying to do:
1) Internet pass-through, pretty sure I did this with NAT before. They have one static IP that I've configured.
2) DNS functionality, i.e. if the local DNS server can't resolve the name, forward the request to the external ISP's DNS server. I'm pretty sure this is just the order I list the DNS servers but can't fully remember.
3) VPN from outside to inside in order to connect to a MySQL server
4) Pretty sure I need to state a static route for the default gateway of the ISP.
5) That's it, that's all...

Any help with commands would be greatly appreciated!

I tried the web interface, set the security level of the outside static interface to 0 and inside static interface to 100 and the IP addresses. Then set up NAT but I still can hit the web. I verified by pinging using the web interface I can hit outside addresses but other than that I'm a little lost and out of my league.

Thanks for the help,

I will upload a config file Tuesday morning,

Thanks again!
 
For the life of me I can get any client workstations on the internet.

Here is the config file,

Result of the command: "show running-config"

: Saved
:
ASA Version 7.0(7)
!
...
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
Cryptochecksum:f2f318953596a9794d7f418688325726
: end
 
I have also tried to use the same pool id and a route outside metric of 1,

global (OUTSIDE) 200 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 0 access-list LAN1_nat0_inbound outside
nat (inside) 200 0.0.0.0 0.0.0.0
route OUTSIDE 0.0.0.0 0.0.0.0 xxx.179.192.1 1

The route outside is simply the default route when I do an ipconfig /all on a Windows box. I assume this is the correct route.

Please help!
 
Please make sure that the contents of the 2 nat 0 ACLs (inside_nat0 and LAN1_nat0_inbound) do not contain the Internet-destined traffic.

It would be helpful if you could either post the entire scrubbed config or at least a copy of your "sh log" and "sh xlate" while attempting to connect.

IT Security news and information
In plain English
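
The check suggested in the reply above, as an added example that is not part of the original thread or anyone's posted config: a small Python script that finds the ACLs referenced by `nat (...) 0 access-list` statements and flags entries whose destination is `any`, since those would exempt Internet-bound traffic from the PAT rule. It assumes pre-8.3 ASA syntax and only reads `permit ip` entries; the sample config is constructed, reusing only the ACL names from the thread.

```python
import re

# Constructed sample (not the poster's config); ACL names reuse those in the thread.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 any
access-list LAN1_nat0_inbound extended permit ip host 192.168.1.10 192.168.50.0 255.255.255.0
access-list outside_in extended permit ip any any
global (OUTSIDE) 200 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 0 access-list LAN1_nat0_inbound outside
nat (inside) 200 0.0.0.0 0.0.0.0
"""

NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)")
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (.+)$")


def take_address(tokens):
    """Consume one ACE address spec: 'any', 'host A' or 'A MASK'."""
    if tokens[0] == "any":
        return ("0.0.0.0", "0.0.0.0"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "255.255.255.255"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]


def nat0_acls(config):
    """Names of ACLs referenced by NAT exemption (nat id 0) statements."""
    return {m.group(1) for line in config.splitlines()
            if (m := NAT0_RE.match(line.strip()))}


def overbroad_exemptions(config):
    """Return (acl, ace) pairs in nat 0 ACLs whose destination is 'any'."""
    exempt = nat0_acls(config)
    findings = []
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if not m or m.group(1) not in exempt:
            continue
        try:
            _src, rest = take_address(m.group(2).split())
            dst, _ = take_address(rest)
        except IndexError:  # truncated ACE, skip it
            continue
        if dst[1] == "0.0.0.0":  # zero mask matches every destination
            findings.append((m.group(1), line.strip()))
    return findings
```

Calling `overbroad_exemptions()` on the text of a scrubbed `show running-config` returns the ACL name and the offending line for each finding; the `any any` entry in `outside_in` is ignored because no `nat 0` statement references it.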
 
Thanks a lot, I will post the updated scrubbed config files,

Please let me know if anything looks out of place or should concern me.

Everything in terms of VPN and inside->outside traffic seems to be working. VPN-clients can only hit the sql server, which is desired.

 