Solved

Configure Static IP Address from Router to Cisco ASA

Posted on 2007-12-06
4
3,590 Views
Last Modified: 2010-04-21
I have a Belkin Wireless Modem/Router and a Cisco ASA 5505.  The Router is configured with DHCP to assign an IP address to the Cisco ASA, I am trying to give the Cisco ASA a fixed IP Address.

I have turned DHCP off the Belkin Router and configured a static ip of 192.168.2.3 on the Cisco ASA but this will not allow any pc connected to the ASA to access internet etc...

I have attached the start of my Cisco configuration below:

 Saved
:
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.2.3 255.255.255.0
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 no ip address
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list USAOFFICE_splitTunnelAcl_1 standard permit any
access-list DefaultRAGroup_splitTunnelAcl_1 standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.192
access-list test_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool NaplesPool 192.168.1.30-192.168.1.35 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset

0
Comment
Question by:damsel__in__distress
  • 2
4 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 20424429
There is no default route set on the ASA.  When you had the ASA configured for DHCP from the Belkin, you were probably getting the default gateway handed to the ASA automatically via DHCP.  When you configure the outside interface statically, you will have to manually configure the default gateway on the ASA, which will most likely be the IP address of the Belkin router itself.  Find out what that is (for example, let's say it is 192.168.2.1) and then enter the following command in the CLI:

route outside 0.0.0.0 0.0.0.0 192.168.2.1

See if that helps...
0
 
LVL 10

Expert Comment

by:cstosgale
ID: 20424471
This is because you have no default route confgured on the ASA. This would have been previously given out by dhcp. It is the same as the default gateway. to fix this, add this line to your config:-

ip route outside 0.0.0.0 0.0.0.0 192.168.2.1 1

(This assumes that the IP address of your belkin router is 192.168.2.1)

0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20424566
???

cstosgale, your command syntax is incorrect for an ASA...
0
 

Author Closing Comment

by:damsel__in__distress
ID: 31413285
Fantastic again batry_boy - Thank you.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now