Solved

Cisco ASA 5510 Simple NAT

Posted on 2006-06-27
Last Modified: 2008-01-09
OK, we just got our new firewall, and I just want to first start to allow all traffic to go out and browse the internet, nothing fancy... But for some reason I can't.
Can someone point to a very simple tutorial on how to get it working? I went through the initial wizard and nothing.

I have e0/0 WAN set to my external IP address 65.139.171.5
and then e0/1 LAN as my internal gateway 192.168.25.0

Can anyone help?
Question by:quippee
LVL 79

Expert Comment

by:lrmoore
ID: 16996284
>e0/1 LAN as my internal gateway 192.168.25.0

.0 is not a valid IP address to assign the interface..
Add the following and see if it works:

global (outside) 10 interface
nat (inside) 10 0 0 0

policy-map global_policy
  class inspection_default
    inspect icmp

You have to add the icmp to the inspect list because it is disabled by default....



Author Comment

by:quippee
ID: 16996385
Sorry, my mistake. I'm going through the wizard and I give e0/0 the external IP with an appropriate gateway.
Then I configure e0/1 with an internal address, let's say 192.168.20.1, then when it goes to the natting is where I'm getting stuck.
I have 12 valid IPs from my ISP. I gave one of them to the external interface, e0/0. So what exactly do I have to set on the NAT? I never used PAT in other firewalls.
What exactly goes in the Global IP address range, since I cannot put my whole range of external IPs?


In any other firewall:
Usually I just set the ext int. to have one of the IPs from the ISP and then give an internal IP to the internal interface, tell it to NAT and that's it.

Sorry, I'm just trying to get internet traffic through.

LVL 15

Expert Comment

by:wingatesl
ID: 16996802
Can you please post your config here for review?
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 16997040
This is all you need to enable NAT:

global (outside) 10 interface
nat (inside) 10 0 0 0



Author Comment

by:quippee
ID: 16997762
Is that in command line? Sorry, I was trying to set it up on the GUI.
Here is my config:

hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address 64.139.171.45 255.255.255.240
!
interface Ethernet0/1
 nameif LAN0
 security-level 100
 ip address 192.168.20.1 255.255.0.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
mtu LAN0 1500
mtu WAN 1500
no failover
monitor-interface management
monitor-interface LAN0
monitor-interface WAN
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
nat (management) 0 0.0.0.0 0.0.0.0
route WAN 0.0.0.0 0.0.0.0 64.139.171.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
Cryptochecksum:22dc9db98a0f0f5db5c9a6dbd46f945a
: end

Author Comment

by:quippee
ID: 16997851
OK, I was able to do a search and did it by command line and also saw it in the GUI afterwards.. thanks experts.
0
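The accepted answer uses the interface names `outside` and `inside`, while the config posted afterwards names its interfaces `WAN` and `LAN0`. The following added example (not code from the thread or from Cisco) is a small Python check that pairs pre-8.3 `nat`/`global` statements by NAT ID and verifies each references a defined `nameif`; the `audit` function, the `ADAPTED` commands and the "no nat rule" heuristic are assumptions made for illustration.

```python
import re

# Constructed excerpt: interface names, security levels and the single nat
# line are taken from the config posted in the thread; the rest is omitted.
POSTED = """\
interface Ethernet0/0
 nameif WAN
 security-level 0
interface Ethernet0/1
 nameif LAN0
 security-level 100
interface Management0/0
 nameif management
 security-level 100
nat (management) 0 0.0.0.0 0.0.0.0
"""
# The two commands from the accepted answer, verbatim.
SUGGESTED = "global (outside) 10 interface\nnat (inside) 10 0 0 0\n"
# Assumption: the same commands rewritten for this config's nameif values.
ADAPTED = "global (WAN) 10 interface\nnat (LAN0) 10 0 0 0\n"

IFACE = re.compile(r"^\s*nameif (\S+)\n\s*security-level (\d+)", re.M)
RULE = re.compile(r"^(nat|global) \((\S+)\) (\d+)\b", re.M)

def audit(config):
    """Check pre-8.3 nat/global statements against the defined interfaces."""
    levels = {name: int(lvl) for name, lvl in IFACE.findall(config)}
    rules = [(kind, ifname, int(nid)) for kind, ifname, nid in RULE.findall(config)]
    findings = [f"{kind} ({ifname}): no interface has that nameif"
                for kind, ifname, _ in rules if ifname not in levels]
    # NAT id 0 means "do not translate", so it needs no global pool.
    nat_ids = {nid for kind, _, nid in rules if kind == "nat" and nid != 0}
    global_ids = {nid for kind, _, nid in rules if kind == "global"}
    findings += [f"nat id {nid}: no matching global" for nid in sorted(nat_ids - global_ids)]
    findings += [f"global id {nid}: no matching nat" for nid in sorted(global_ids - nat_ids)]
    with_nat = {ifname for kind, ifname, _ in rules if kind == "nat"}
    findings += [f"{name}: security-level {lvl} but no nat rule"
                 for name, lvl in sorted(levels.items())
                 if lvl > 0 and name not in with_nat]
    return findings

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("posted + answer", POSTED + SUGGESTED),
                       ("posted + adapted", POSTED + ADAPTED)):
        print(label, audit(cfg) or "OK")
```

Run against the posted excerpt it reports that `LAN0` has no nat rule; with the answer's commands appended verbatim it additionally reports that `outside` and `inside` are not defined interface names.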
