Solved

Cisco ASA 5510 Simple NAT

Posted on 2006-06-27
Last Modified: 2008-01-09
Ok we just got our new firewall, and I just want to first start to allow all traffic to go out and browse the internet, nothing fancy... But for some reason I can't.
Can someone point to a very simple tutorial on how to get it working? I went through the initial wizard and nothing.

I have e0/0 WAN set to my external IP address 65.139.171.5
and then e0/1 LAN as my internal gateway 192.168.25.0

Can anyone help?
Question by:quippee

Expert Comment

by:lrmoore
ID: 16996284
>e0/1 LAN as my internal gateway 192.168.25.0

.0 is not a valid IP address to assign to the interface.
Add the following and see if it works:

global (outside) 10 interface
nat (inside) 10 0 0 0

policy-map global_policy
  class inspection_default
    inspect icmp

You have to add icmp to the inspect list because it is disabled by default.


 

Author Comment

by:quippee
ID: 16996385
Sorry, my mistake. I'm going through the wizard and I give e0/0 the external IP with an appropriate gateway.
Then I configure e0/1 with an internal address, let's say 192.168.20.1, then when it goes to the NATting is where I'm getting stuck.
I have 12 valid IPs from my ISP. I gave one of them to the external interface, e0/0. So what exactly do I have to set on the NAT? I never used PAT in other firewalls.
What exactly goes in the Global IP address range, since I cannot put my whole range of external IPs?


In any other firewall:
Usually I just set the external interface to have one of the IPs from the ISP and then give an internal IP to the internal interface, tell it to NAT and that's it.

Sorry, I'm just trying to get internet traffic through.


Expert Comment

by:wingatesl
ID: 16996802
Can you please post your config here for review?

Accepted Solution

by:
lrmoore earned 500 total points
ID: 16997040
This is all you need to enable NAT:

global (outside) 10 interface
nat (inside) 10 0 0 0


 

Author Comment

by:quippee
ID: 16997762
Is that in command line? Sorry, I was trying to set it up on the GUI.
Here is my config:

hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address 64.139.171.45 255.255.255.240
!
interface Ethernet0/1
 nameif LAN0
 security-level 100
 ip address 192.168.20.1 255.255.0.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
mtu LAN0 1500
mtu WAN 1500
no failover
monitor-interface management
monitor-interface LAN0
monitor-interface WAN
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
nat (management) 0 0.0.0.0 0.0.0.0
route WAN 0.0.0.0 0.0.0.0 64.139.171.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
Cryptochecksum:22dc9db98a0f0f5db5c9a6dbd46f945a
: end
 

Author Comment

by:quippee
ID: 16997851
Ok, I was able to do a search and did it by command line and also saw it in the GUI afterwards. Thanx experts.
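
Added example, not part of the thread and not code from any poster: a small Python audit of the nat/global pairing discussed above, run over a constructed excerpt of the posted config. It assumes the accepted answer's two commands are rewritten with this config's interface names (WAN, LAN0); the function name `audit_nat` and its finding labels are hypothetical.

```python
import re

# Constructed excerpt: interface names, security levels and the one nat line
# are taken from the config posted in this thread; everything else is omitted.
SAMPLE = """\
interface Ethernet0/0
 nameif WAN
 security-level 0
interface Ethernet0/1
 nameif LAN0
 security-level 100
interface Management0/0
 nameif management
 security-level 100
nat (management) 0 0.0.0.0 0.0.0.0
"""
# Assumption: the accepted answer's two commands rewritten for this config's nameifs.
FIX = "global (WAN) 10 interface\nnat (LAN0) 10 0.0.0.0 0.0.0.0\n"

def audit_nat(config):
    """Map each named interface above security-level 0 to a NAT finding."""
    levels, nats, globals_, name = {}, {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None                      # new interface block
        elif m := re.match(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.match(r"(nat|global) \((\S+)\) (\d+)", line):
            table = nats if m.group(1) == "nat" else globals_
            table.setdefault(m.group(2), set()).add(int(m.group(3)))
    findings = {}
    for ifc, level in levels.items():
        if level == 0:
            continue                         # egress side, nothing to translate
        ids = nats.get(ifc, set())
        dynamic = {i for i in ids if i > 0}  # id 0 is identity NAT, no global needed
        paired = {i for i in dynamic
                  if any(i in g for o, g in globals_.items() if o != ifc and o in levels)}
        if not ids:
            findings[ifc] = "no-nat"
        elif not dynamic:
            findings[ifc] = "identity-only"
        elif not paired:
            findings[ifc] = "nat-without-global"
        else:
            findings[ifc] = "ok"
    return findings

if __name__ == "__main__":
    print(audit_nat(SAMPLE))        # before the fix
    print(audit_nat(SAMPLE + FIX))  # after the fix
```

The audit only counts a global on an interface the config actually names, so the answer's commands entered verbatim with `outside`/`inside` still leave LAN0 reported as `no-nat` for this config.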