Cisco ASA 5510 Simple NAT

Posted on 2006-06-27
Last Modified: 2008-01-09
Ok we just got our new firewall, and I just want to first start to allow all traffic to go out and browse the internet, nothing fancy... But for some reason I can't.
Can someone point to a very simple tutorial on how to get it working? I went through the initial wizard and nothing.

I have e0/0 WAN set to my external IP address 65.139.171.5
and then e0/1 LAN as my internal gateway 192.168.25.0

Can anyone help?
Question by:quippee
6 Comments
 
Expert Comment

by:lrmoore
ID: 16996284
>e0/1 LAN as my internal gateway 192.168.25.0

.0 is not a valid IP address to assign the interface.
Add the following and see if it works:

global (outside) 10 interface
nat (inside) 10 0 0 0

policy-map global_policy
  class inspection_default
    inspect icmp

You have to add the icmp to the inspect list because it is disabled by default.



Author Comment

by:quippee
ID: 16996385
Sorry, my mistake. I'm going through the wizard and I give e0/0 the external IP with an appropriate gateway.
Then I configure e0/1 with an internal address, let's say 192.168.20.1, then when it goes to the NATting is where I'm getting stuck.
I have 12 valid IPs from my ISP. I gave one of them to the external interface, e0/0. So what exactly do I have to set on the NAT? I never used PAT in other firewalls.
What exactly goes in the Global IP address range, since I cannot put my whole range of external IPs?

In any other firewall:
Usually I just set the ext int. to have one of the IPs from the ISP and then give an internal IP to the internal interface, tell it to NAT and that's it.

Sorry, I'm just trying to get internet traffic through.


Expert Comment

by:wingatesl
ID: 16996802
Can you please post your config here for review?

Accepted Solution

by:lrmoore (earned 500 total points)
ID: 16997040
This is all you need to enable NAT:

global (outside) 10 interface
nat (inside) 10 0 0 0



Author Comment

by:quippee
ID: 16997762
Is that in command line? Sorry, I was trying to set it up in the GUI.
Here is my config:

hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address 64.139.171.45 255.255.255.240
!
interface Ethernet0/1
 nameif LAN0
 security-level 100
 ip address 192.168.20.1 255.255.0.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
mtu LAN0 1500
mtu WAN 1500
no failover
monitor-interface management
monitor-interface LAN0
monitor-interface WAN
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
nat (management) 0 0.0.0.0 0.0.0.0
route WAN 0.0.0.0 0.0.0.0 64.139.171.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
Cryptochecksum:22dc9db98a0f0f5db5c9a6dbd46f945a
: end

Author Comment

by:quippee
ID: 16997851
OK, I was able to do a search and did it by command line and also saw it in the GUI afterwards. Thanks, experts.
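
Added example (not part of the original thread): a pre-flight check, in Python, of the `nat`/`global` pairing from the accepted solution, run against the interface lines of the posted config. In this pre-8.3 syntax a `nat` rule with an ID above 0 is paired with the `global` statement of the same ID, and the name in parentheses must be a configured `nameif`. The names `audit_nat`, `POSTED`, `VERBATIM` and `ADAPTED` are made up for this example, and the `WAN`/`LAN0` substitution in `ADAPTED` is an assumption based on the posted interface names.

```python
import ipaddress
import re

# Constructed sample: interface and NAT lines excerpted from the posted config.
POSTED = """\
interface Ethernet0/0
 nameif WAN
 ip address 64.139.171.45 255.255.255.240
!
interface Ethernet0/1
 nameif LAN0
 ip address 192.168.20.1 255.255.0.0
!
interface Management0/0
 nameif management
 ip address 192.168.1.1 255.255.255.0
 management-only
!
nat (management) 0 0.0.0.0 0.0.0.0
"""
# The answer's two lines as posted, then with the posted nameif names (assumption).
VERBATIM = POSTED + "global (outside) 10 interface\nnat (inside) 10 0 0 0\n"
ADAPTED = POSTED + "global (WAN) 10 interface\nnat (LAN0) 10 0 0 0\n"

def audit_nat(config):
    """Findings for nat/global pairing; the private-address test is a heuristic."""
    ifaces, nats, globals_, cur = {}, [], [], None
    for line in config.splitlines():
        words = line.split()
        m = re.match(r"(nat|global) \((\S+)\) (\d+)", line)
        if line.startswith("interface "):
            cur = {"private": False, "mgmt": False}
        elif line.startswith(" ") and cur is not None and words:
            if words[0] == "nameif":
                ifaces[words[1]] = cur
            elif words[:2] == ["ip", "address"] and words[2:] and words[2][0].isdigit():
                cur["private"] = ipaddress.ip_address(words[2]).is_private
            elif words[0] == "management-only":
                cur["mgmt"] = True
        elif m:
            (nats if m.group(1) == "nat" else globals_).append((m.group(2), int(m.group(3))))
    unknown = sorted({n for n, _ in nats + globals_ if n not in ifaces})
    findings = [f"unknown interface name: {n}" for n in unknown]
    global_ids = {i for n, i in globals_ if n in ifaces}
    for name, info in ifaces.items():
        ids = {i for n, i in nats if n == name and i > 0}
        if info["private"] and not info["mgmt"] and not ids & global_ids:
            findings.append(f"{name}: private address, no nat/global pair")
    return findings
```

`audit_nat(VERBATIM)` reports `inside` and `outside` as unknown interface names and still flags `LAN0`, while `audit_nat(ADAPTED)` returns an empty list.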