Cisco ASA 5510 Simple NAT

Ok we just got our new firewall, and I just want to first start to allow all traffic to go out and browse the internet, nothing fancy... But for some reason I can't.
Can someone point to a very simple tutorial on how to get it working? I went through the initial wizard and nothing.

I have e0/0 WAN set to my external IP address 65.139.171.5
and then e0/1 LAN as my internal gateway 192.168.25.0

Can anyone help?
quippee Asked:
 
lrmoore Commented:
This is all you need to enable NAT:

global (outside) 10 interface
nat (inside) 10 0 0 0


 
lrmoore Commented:
>e0/1 LAN as my internal gateway 192.168.25.0

.0 is not a valid IP address to assign the interface.
Add the following and see if it works:

global (outside) 10 interface
nat (inside) 10 0 0 0

policy-map global_policy
  class inspection_default
    inspect icmp

You have to add the icmp to the inspect list because it is disabled by default.


 
quippee (Author) Commented:
Sorry, my mistake. I'm going through the wizard and I give e0/0 the external IP with an appropriate gateway.
Then I configure e0/1 with an internal address, let's say 192.168.20.1; then when it goes to the natting is where I'm getting stuck.
I have 12 valid IPs from my ISP. I gave one of them to the external interface, e0/0. So what exactly do I have to set on the NAT? I never used PAT in other firewalls.
What exactly goes in the Global IP address range, since I cannot put my whole range of external IPs?


In any other firewall:
Usually I just set the ext int. to have one of the IPs from the ISP and then give an internal IP to the internal interface, tell it to NAT and that's it.

Sorry, I'm just trying to get internet traffic through.

 
wingatesl Commented:
Can you please post your config here for review?
 
quippee (Author) Commented:
Is that in command line? Sorry, I was trying to set it up on the GUI.
Here is my config:

hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address 64.139.171.45 255.255.255.240
!
interface Ethernet0/1
 nameif LAN0
 security-level 100
 ip address 192.168.20.1 255.255.0.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
mtu LAN0 1500
mtu WAN 1500
no failover
monitor-interface management
monitor-interface LAN0
monitor-interface WAN
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
nat (management) 0 0.0.0.0 0.0.0.0
route WAN 0.0.0.0 0.0.0.0 64.139.171.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
Cryptochecksum:22dc9db98a0f0f5db5c9a6dbd46f945a
: end
 
quippee (Author) Commented:
Ok, I was able to do a search and did it by command line, and also saw it in the GUI afterwards. Thanks, experts.
Question has a verified solution.
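
An added example, not part of the thread or of any Cisco tooling: a small check that pairs the nat/global statements discussed above against the interface names a config actually defines. The suggested commands name the interfaces `inside` and `outside`, while the posted config names them `LAN0` and `WAN`, so the name in parentheses has to match the `nameif` on the box. The `audit` helper and its finding strings are hypothetical; the sample input is constructed from lines shown in the thread.

```python
import re

# Constructed input: interface/NAT lines from the posted config, plus the answer's two commands.
POSTED = """interface Ethernet0/0
 nameif WAN
 security-level 0
interface Ethernet0/1
 nameif LAN0
 security-level 100
interface Management0/0
 nameif management
 security-level 100
 management-only
nat (management) 0 0.0.0.0 0.0.0.0
"""
ANSWER = "global (outside) 10 interface\nnat (inside) 10 0 0 0\n"

def audit(config):
    """Hypothetical helper: list problems with nat/global pairing in a config."""
    level, mgmt, cur = {}, set(), None
    rules = {"nat": {}, "global": {}}              # kind -> nameif -> set of ids
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = None                             # new interface block
        elif m := re.match(r"nameif (\S+)$", line):
            cur = m.group(1)
            level[cur] = 0
        elif (m := re.match(r"security-level (\d+)$", line)) and cur:
            level[cur] = int(m.group(1))
        elif line == "management-only" and cur:
            mgmt.add(cur)
        elif m := re.match(r"(nat|global) \((\S+)\) (\d+)\b", line):
            rules[m.group(1)].setdefault(m.group(2), set()).add(int(m.group(3)))
    findings = [f"{k} references undefined nameif '{n}'"
                for k in ("nat", "global") for n in sorted(set(rules[k]) - set(level))]
    lowest = min(level.values(), default=0)
    for ifc in sorted(level):
        if ifc in mgmt or level[ifc] == lowest:
            continue                               # egress or management-only interface
        ids = rules["nat"].get(ifc, set()) - {0}   # id 0 never pairs with a global
        if not ids:
            findings.append(f"{ifc}: no nat rule with a non-zero id")
        for i in sorted(ids):
            if not any(i in g for n, g in rules["global"].items() if n in level and n != ifc):
                findings.append(f"{ifc}: nat id {i} has no matching global")
    return findings

if __name__ == "__main__":
    print(audit(POSTED), audit(POSTED + ANSWER), sep="\n")
```

With the two commands rewritten to use `WAN` and `LAN0`, the same check returns an empty list.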