Brand new to Cisco firewall, I could use help in the configuration

I'm new to the Cisco firewall we are trying to install. I could use any help in the configuration. Attached is our code. I'd welcome any extra help.
ASA Version 7.0(8)
!
hostname ciscoasa
enable password Q7DJw0sydkgmZ/3M encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address 207.168.41.130 255.255.255.128
!
interface Ethernet0/1
 nameif DMZ
 security-level 0
 ip address 192.168.10.254 255.255.255.0
!
interface Ethernet0/2
 nameif Inside
 security-level 100
 ip address 10.10.10.254 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
mtu Outside 1500
mtu DMZ 1500
mtu Inside 1500
no failover
no asdm history enable
arp timeout 14400
route Outside 0.0.0.0 0.0.0.0 207.168.41.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:edc6cb0012a025b301331a8fa302fdc4
: end


stwardy Asked:
 
devangshroff Commented:
nat command is missing

nat (inside) 1 0 0
global (outside) 1 inteface



Do this and your net will start working.
0
 
Andres Perales Commented:
You can also HTTP into that firewall at https://192.168.1.1; that will get you into the ASDM, and it may help you out a bit to start... then you can compare your changes and learn the firewall.
Also:
http://www.networksims.com/
Good trainer / simulator.
 
0
 
MikeKane Commented:
When configuring the firewall, you should establish what kind of access you want to allow in and out of the interfaces such that you adhere to company policy.

Identify Inside hosts/services you want to publish to the outside world.
Identify what traffic you would like to allow outbound.  
Identify what kind of traffic you want to allow inside, or even to a dmz.
Do you want to log?
Any VPNs?


At the moment, I see you are lacking access-lists/access-groups to allow traffic to flow.
I see you have no globals for NAT/PAT to handle the translations.

Peralesa made a good suggestion on loading the ASDM; the GUI is usually easier for beginners than the command line.
0
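An added example, not written by any participant in this thread: a small Python check for the two gaps the answers above name (no `nat`/`global` pair for PAT, no access-groups) in an ASA 7.x-style config, which also flags a mistyped `global` target. The names `audit`, `valid_global` and `POSTED` are hypothetical, and the sample is constructed from the posted config.

```python
import ipaddress
import re

# Constructed sample: only the nameif lines of the posted running-config, which
# contains no nat, global or access-group statements at all.
POSTED = """\
interface Ethernet0/0
 nameif Outside
interface Ethernet0/2
 nameif Inside
"""
RULE = re.compile(r"^(nat|global) \((\S+)\) (\d+) (.+)$")

def valid_global(target):
    """A global target is the keyword 'interface' or an address / address range."""
    first = target.split()[0]
    try:
        for part in [] if first == "interface" else first.split("-"):
            ipaddress.ip_address(part)
    except ValueError:
        return False
    return True

def audit(config):
    """Return findings about PAT rules and access-groups in an ASA 7.x-style config."""
    names, nats, pools, bound, findings = [], {}, set(), set(), []
    for line in config.splitlines():
        w = line.split() or [""]
        if w[0] == "nameif":
            names.append(w[1].lower())  # assumption: names compared case-insensitively
        elif w[0] == "access-group":
            bound.add(w[-1].lower())    # last word is the interface name
        elif m := RULE.match(line.strip()):
            kind, ifc, pool, target = m.groups()
            if kind == "nat":
                nats[pool] = ifc.lower()
            elif valid_global(target):
                pools.add(pool)
            else:
                findings.append(f"invalid global target: {target!r}")
    if not nats:
        findings.append("no nat statement on any interface")
    for pool, ifc in nats.items():
        if pool != "0" and pool not in pools:  # nat ID 0 is exemption, needs no global
            findings.append(f"nat ({ifc}) {pool} has no matching global {pool}")
    unbound = [n for n in names if n not in bound]
    if unbound:
        findings.append("no access-group bound to: " + ", ".join(unbound))
    return findings
```

Run `audit()` on the output of `sh run` saved to a file; an empty list means every `nat` ID has a usable `global` and every named interface has an access-group.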
 
stwardy (Author) Commented:
Thank you peralesa, I am reviewing the simulator now.

Mike,

I will eventually be configuring VPN access, translations and a DMZ.  But, for now all I want to do is be able to access the internet from the inside interface.  My router's IP is 207.168.41.129.

I have the ASDM loaded and can access the GUI.  What are the minimum requirements to allow access to the internet?
0
 
Pugglewuggle Commented:
The easiest way to configure this is with command line - If you can post your running config (you can get this by using the console cable and typing "sh run") I can give you the commands you need to get online.
I will also need:
Your ISP IP:
Your ISP subnet mask:
Your ISP default gateway:
The internal IP range you want to use:
Please post this info and I'll have you online in (seriously) 5-10 minutes.
Cheers!
0
 
stwardy (Author) Commented:
ISP IP: 207.168.41.130
ISP subnet mask: 255.255.255.128
ISP default gateway: 297.168.41.129
The internal IP range you want to use: 10.10.10.0 to 10.10.10.254

ASA Version 7.0(8)
!
hostname ciscoasa
enable password Q7DJw0sydkgmZ/3M encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address 207.168.41.130 255.255.255.128
!
interface Ethernet0/1
 nameif DMZ
 security-level 0
 ip address 192.168.10.254 255.255.255.0
!
interface Ethernet0/2
 nameif Inside
 security-level 100
 ip address 10.10.10.254 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
mtu Outside 1500
mtu DMZ 1500
mtu Inside 1500
no failover
no asdm history enable
arp timeout 14400
route Outside 0.0.0.0 0.0.0.0 207.168.41.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:edc6cb0012a025b301331a8fa302fdc4
: end
0
 
Pugglewuggle Commented:
1st off: Upgrade your ASA software ASAP - 7.0 is almost 4 years old. The newest version is 8.0.4. You must upgrade the ASDM to version 6.1.3 to work with the new ASA software.
All your commands look good! Try pinging 4.2.2.2 from the ASA command line - if you get !!!!! as a response, that means you're online.
Do you want DHCP on your inside interface? Right now you need static IPs on the inside since you don't have the DHCP server enabled (unless you have another DHCP server you're using).
Cheers! Let me know!
0
 
MikeKane Commented:
This:
global (outside) 1 inteface

should be
global (outside) 1 interface

small typo.....
0
 
Pugglewuggle Commented:
Yes, that is missing, as well as several other commands.
But as far as getting this working to the asker's specifications, I need the info I asked for in my previous post to provide everything required.
Cheers!
0
Question has a verified solution.
