New ASA 5510 1


fillthy

IS-IT--Management
Joined
May 11, 2006
Messages
75
Location
CA
Hi all, very simple question. I have a brand new 5510 and need to set it up for internet access. I cannot figure it out. I know this is simple but I'm not really the Cisco guy here. The 2 interfaces are:

ethernet 0/0 (inside) 192.168.30.3
ethernet 0/1 (outside) dhcp 72.39.x.x 255.255.254.0

What would be the right commands to get internet access from the 0/0 subnet to the internet? And is it both NAT and Security Policy?

Cheers
Phil
 
Here is the minimum config to get it working

interface Ethernet0/1
nameif outside
security-level 0
ip address dhcp setroute

interface Ethernet0/0
nameif inside
security-level 100
ip address [InternalIPAddress] [InternalNetMask]


global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

If you want the ASA to do the DHCP then add this

dhcpd address [INTERNAL_IP_START]-[INTERNAL_IP_END] inside
dhcpd dns [DNS_IP#1] [DNS_IP#2]
dhcpd wins [WINS_IP#1]
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside

Hope this helps





Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Thanks so much, I had just figured it out when I saw your reply. Would you, in your best layman's terms, be able to describe those two lines?

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

I take it to read that the "global" line sets the IPs used for NAT on the outside interface? Is the 1 just the pool ID?

The "nat" line says NAT all inside addresses to the outside? And the 1 is?

So you don't need an access control list to "get outside"?

Cheers for this
Phil


 
No access lists are needed to allow traffic out. It is allowed from a higher security interface to a lower security interface by default.

You are right - the "1" is just a way to associate the addresses to be natted and what they are to be natted to.



Brent
Systems Engineer / Consultant
CCNP, CCSP
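
An added example, not part of the thread and not Cisco tooling: a Python check that pairs nat and global statements by their ID, as the replies above describe, and reports whether the higher-to-lower security-level default lets the traffic out without an access list. The sample config is constructed (the "nat (inside) 2" line is made up to show an ID with no matching global), and nat 0 and the 8.3+ NAT syntax are not handled.

```python
import re
from collections import defaultdict

# Constructed sample in the pre-8.3 syntax used in this thread; the
# "nat (inside) 2" line is made up to show an ID that has no global.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 nameif outside
 security-level 0
interface Ethernet0/0
 nameif inside
 security-level 100
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (inside) 2 10.9.9.0 255.255.255.0
"""

RULE = re.compile(r"(nat|global) \((\S+)\) (\d+) (.+)")

def parse(config):
    """Return (security level per nameif, nat rules per ID, globals per ID)."""
    levels, nats, pools = {}, defaultdict(list), defaultdict(list)
    nameif = None
    for raw in config.splitlines():
        line = raw.strip()
        words = line.split()
        if line.startswith("interface "):
            nameif = None                      # a new interface block begins
        elif len(words) == 2 and words[0] == "nameif":
            nameif = words[1]
        elif len(words) == 2 and words[0] == "security-level" and nameif:
            levels[nameif] = int(words[1])
        elif (m := RULE.fullmatch(line)):
            kind, ifname, rule_id, rest = m.groups()
            (nats if kind == "nat" else pools)[int(rule_id)].append((ifname, rest))
    return levels, nats, pools

def audit(config):
    """List (nat_id, from_if, to_if, allowed_without_acl) per nat/global pairing."""
    levels, nats, pools = parse(config)
    findings = []
    for nat_id, rules in sorted(nats.items()):
        for src_if, _net in rules:
            if not pools.get(nat_id):          # no global shares this ID
                findings.append((nat_id, src_if, None, False))
            for dst_if, _pool in pools.get(nat_id, []):
                allowed = levels.get(src_if, -1) > levels.get(dst_if, 101)
                findings.append((nat_id, src_if, dst_if, allowed))
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one tuple per pairing; a None in the third position marks a nat ID that no global statement shares.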
 
Hi,

I don't know if I should start a new thread, but I have exactly the same issue as this, the only difference being the ISP side of things is not DHCP.

I have assigned a static IP and default route. I can get to the ASA from the internet on its assigned address, but it will not get traffic through?

Is there an extra command I need?

Thanks
 
To get internet traffic, all I needed to do was, from a default config, choose the startup wizard and make sure PAT is chosen on the NAT page and that it uses the outside interface. Hope this helps.
Cheers
 
Yeah, my settings were correct but I didn't do the most important thing.

Reboot!

Thanks
 