Link to home
Start Free TrialLog in
Avatar of Comptx
Comptx

asked on

No connectivity with Cisco ASA 5505

Hello,

I did a reset on the cisco asa 5505. This helped me restore conectivity. But i noticed that now it has assigned an IP to the (outside) interface usign DHCP. If i go and edit this then make it static and put that same IP, i lose conection again. I have to make it dhcp to have conection.

Why wont it let me assigned the static ip? i got 5 ips i can use but none work if i specify static ip.

On the Interface status says (when it works)
Inside -no ip address-line DOWN link:up
outside -dhcp configured- line DOWN link:up
Avatar of bkepford
bkepford
Flag of United States of America image

I think the default is that it sets a default gateway of what ever the DHCP server has. when you set it to static you need add a static route.
Avatar of Comptx
Comptx

ASKER

For the static route do i choose the inside or outside vlan?
You need to chose the default gateway your provider gives you
route 0.0.0.0 0.0.0.0 <IP PROVIDERS GATEWAY>
Avatar of Comptx

ASKER

I just cant find where to put the numbers at. When i go in to Static Route, it tells me to select a Vlan (outside,inside) then tells me to add ip, mask, then gateway ip (i put the isp router gateway here) then metric/
I do everything from the command line but I believe it is outside the ip address is going to be 0.0.0.0 mask is going to be 0.0.0.0 and then the gateway address.
Avatar of Comptx

ASKER

the command line has to be with the console cable connected?
Avatar of Comptx

ASKER

Well i added on the outside 0.0.0.0 ip 0.0.0.0. mask, then the dsl gateway ip. but nothing.
No you can use telnet. Once you have telneted in and entered the password copy this in (changing the IP of the gateway of course.
after you do that type in "show route" and paste in the output.
en
conf t
route outside 0.0.0.0 0.0.0.0 <IP PROVIDERS GATEWAY>
Avatar of Comptx

ASKER

Ok, it doesnt let me connect to the ASA with its default ip of 192.168.1.1.  However i tried the gateway address and it let me connect to it. I need to do the change in the ASA correct?
Can you post the running configuration beofre you make a change I would hate to do more harm then good.
"show run"
Avatar of Comptx

ASKER

With connection (no static ip assigned to it) this is the config

: Saved
:
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password udxi8XKHJKW0Yggp encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.248
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
monitor-interface inside
monitor-interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.248 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.6 inside
dhcpd enable inside
!

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:0c2bfcd726ac716f887d7118596fbf67
: end
asdm image disk0:/asdm-523.bin
no asdm history enable

With this configuration can you post a "show route"
Ok if you have it working there and your static IP addresses are not working lets look at what you get from the DHCP server.
IP address
subnet mask
default gateway
dns server
So call your provider ask for these things make sure they verify there configuration to your equipment. Then we can fix your problem.
Avatar of Comptx

ASKER

the dsl router is set up as a IP-Passthrough.
the info will be
static ip assigned: *.*.*.41-45 (5 IP's)
subnet *.*.*.40
subnet mask 255.255.255.248
dns 68.*.*.1
gateway *.*.*.46
So to set it up with a static IP
interface Vlan2
ip address *.*.*.41 255.255.255.248

route outside 0.0.0.0 0.0.0.0 *.*.*.46

dhcpd dns 68.*.*.1

If you add in these things then it should work.

Avatar of Comptx

ASKER


when i go to create a static route, i selected 'outside interface,
but i am confused with the number you wrote.  Where do the 0.0.0.0.0.0.0.0. go?
i get Ip address field, mask field, gateway ip field, and metric field.
ASKER CERTIFIED SOLUTION
Avatar of bkepford
bkepford
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
metric value just put as 1
Avatar of Comptx

ASKER

Awsome! its working now. Thanks alot for your help.
Avatar of Comptx

ASKER

Thanks
Avatar of Comptx

ASKER

Well, i went away for a few, and when i came back i dont have connection anymore. there is internet at the dsl router but it stiopped having at the cisco. i tried restarting cisco, restarting pc but nothing. any ideas?