Solved

Cisco ASA 5510 Simple NAT

Posted on 2006-06-27
Last Modified: 2008-01-09
OK, we just got our new firewall, and I just want to first start to allow all traffic to go out and browse the internet, nothing fancy... But for some reason I can't.
Can someone point to a very simple tutorial on how to get it working? I went through the initial wizard and nothing.

I have e0/0 WAN set to my external IP address 65.139.171.5
and then e0/1 LAN as my internal gateway 192.168.25.0

Can anyone help?
Question by:quippee
LVL 79

Expert Comment

by:lrmoore
>e0/1 LAN as my internal gateway 192.168.25.0

.0 is not a valid IP address to assign the interface.
Add the following and see if it works:

global (outside) 10 interface
nat (inside) 10 0 0 0

policy-map global_policy
  class inspection_default
    inspect icmp

You have to add the icmp to the inspect list because it is disabled by default....


 

Author Comment

by:quippee
Sorry, my mistake. I'm going through the wizard and I give e0/0 the external IP with an appropriate gateway.
Then I configure e0/1 with an internal address, let's say 192.168.20.1; then when it goes to the natting is where I'm getting stuck.
I have 12 valid IPs from my ISP. I gave one of them to the external interface, e0/0. So what exactly do I have to set on the NAT? I never used PAT in other firewalls.
What exactly goes in the Global IP address range, since I cannot put my whole range of external IPs?


In any other firewall:
Usually I just set the ext int. to have one of the IPs from the ISP and then give an internal IP to the internal interface, tell it to NAT, and that's it.

Sorry, I'm just trying to get internet traffic through.

 
LVL 15

Expert Comment

by:wingatesl
Can you please post your config here for review?
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
This is all you need to enable NAT:

global (outside) 10 interface
nat (inside) 10 0 0 0


 

Author Comment

by:quippee
Is that in command line? Sorry, I was trying to set it up on the GUI.
Here is my config:

hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address 64.139.171.45 255.255.255.240
!
interface Ethernet0/1
 nameif LAN0
 security-level 100
 ip address 192.168.20.1 255.255.0.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
mtu LAN0 1500
mtu WAN 1500
no failover
monitor-interface management
monitor-interface LAN0
monitor-interface WAN
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
nat (management) 0 0.0.0.0 0.0.0.0
route WAN 0.0.0.0 0.0.0.0 64.139.171.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
Cryptochecksum:22dc9db98a0f0f5db5c9a6dbd46f945a
: end
 

Author Comment

by:quippee
OK, I was able to do a search and did it by command line and also saw it in the GUI afterwards. Thanks, experts.
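
An added example (not part of the thread, and not Cisco tooling): a small Python audit of the nat/global pairing that the accepted answer relies on, run over an abridged copy of the configuration posted above. The posted nameif values are WAN and LAN0, so the answer's commands need those names in place of outside and inside; the function name audit_nat and the finding strings are made up for this illustration.

```python
import re

# Abridged from the configuration posted above: only the lines the check reads.
POSTED = """\
interface Ethernet0/0
 nameif WAN
 security-level 0
interface Ethernet0/1
 nameif LAN0
 security-level 100
interface Management0/0
 nameif management
 security-level 100
 management-only
nat (management) 0 0.0.0.0 0.0.0.0
"""

def audit_nat(config):
    """Return findings about nat/global pairing (pre-8.3 ASA syntax)."""
    ifaces, current = {}, None           # nameif -> {"level", "mgmt"}
    rules = {"nat": {}, "global": {}}    # keyword -> {nat id -> set of nameifs}
    findings = []
    for line in config.splitlines():
        if line.startswith("interface "):
            current = None               # a new interface block starts
        elif m := re.match(r" nameif (\S+)", line):
            current = ifaces.setdefault(m.group(1), {"level": 0, "mgmt": False})
        elif (m := re.match(r" security-level (\d+)", line)) and current:
            current["level"] = int(m.group(1))
        elif line == " management-only" and current:
            current["mgmt"] = True
        elif m := re.match(r"(nat|global) \((\S+)\) (\d+)\b", line):
            kind, name, nat_id = m.group(1), m.group(2), int(m.group(3))
            if name not in ifaces:
                findings.append(f"{kind} references unknown interface {name}")
            rules[kind].setdefault(nat_id, set()).add(name)
    for nat_id in sorted(rules["nat"]):
        # ID 0 is identity NAT (no translation), so it needs no global.
        if nat_id and nat_id not in rules["global"]:
            findings.append(f"nat id {nat_id} has no matching global")
    natted = set().union(*rules["nat"].values())
    for name, info in ifaces.items():
        if info["level"] > 0 and not info["mgmt"] and name not in natted:
            findings.append(f"{name}: no nat statement, hosts are not translated")
    return findings

if __name__ == "__main__":
    print(audit_nat(POSTED))
    print(audit_nat(POSTED + "global (WAN) 10 interface\nnat (LAN0) 10 0 0 0\n"))
```

On the posted configuration the only finding is the missing nat statement for LAN0; with the two commands added under the WAN and LAN0 names the list is empty.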