jtorrrres asked:

Cisco ASA 5505 Setup

Hello Team,

Let me start out by saying I am a newbie. I have a Cisco ASA 5505. What I would like to do is wipe it clean and start from scratch.

What I need:
- Set up to work with a static DSL connection (216.XXX.XXX.74, 255.255.255.0, 216.XXX.XXX.1).
- There is an SBS server handling DHCP and I would like to keep it that way, so DHCP should be disabled on the ASA.
- This ASA's IP should be 192.168.92.3
- I need the following TCP ports open (25, 443, 444, 1723, & 3389)

If anyone can help me set up a config file for it, that would be sweet. Thanks.

ksims1129

This should work for you

interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
interface Ethernet0/1
 switchport access vlan 3
 no shutdown
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7

interface vlan 2
ip address 216.xxx.xxx.74 255.255.255.0
no shutdown
nameif outside
security-level 0

interface vlan 3
ip address 192.168.92.3 255.255.255.0
no shutdown
nameif inside
security-level 100

access-list NONAT permit ip 192.168.92.0 255.255.255.0 192.168.92.0 255.255.255.0
access-list OUTSIDE_IN permit permit tcp any any eq 25
access-list OUTSIDE_IN permit permit tcp any any eq 443
access-list OUTSIDE_IN permit permit tcp any any eq 444
access-list OUTSIDE_IN permit permit tcp any any eq 1723
access-list OUTSIDE_IN permit permit tcp any any eq 3389

route outside 0.0.0.0 0.0.0.0 216.xxx.xxx.1
global (outside) 1
nat (inside) 0 access-list NONAT
nat (inside ) 1 192.168.92.0 255.255.255.0

Hope this helps

jtorrrres
ASKER

Thanks, I will give it a try and keep you posted.

I gave it a try and had no success. I ended up making some changes to the config file because the console was complaining about incorrect commands. Apart from getting a few error messages, I was not able to ping anything. After making the changes below, I can now do so, but the ports are not acting like a switch. It connects to the network, allowing me to ping all devices, but I cannot get online with the TW connection, nor is the server picking up the static DSL connection. I have verified the ISP static settings.

Here is a little info. I have 2 ISP connections (dynamic cable internet & static DSL). The SBS server is using the static DSL connection, and via DHCP provided by SBS the workstations are connecting using the Time Warner connection. The Time Warner connection is on GW 192.168.92.1. This setup has worked just fine with another crappy router I have. I am just looking to implement this ASA instead of the router currently in place.

This is what I have now:

interface vlan1
ip address 192.168.92.3 255.255.255.0
no shutdown
nameif inside
security-level 100

interface vlan2
ip address 216.XXX.XXX.74 255.255.255.0
no shutdown
nameif outside
security-level 0

interface Ethernet0/0
 switchport access vlan2
 no shutdown
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7

access-list NONAT permit ip 192.168.92.0 255.255.255.0 192.168.92.0 255.255.255.0
access-list OUTSIDE_IN permit tcp any any eq 25
access-list OUTSIDE_IN permit tcp any any eq 443
access-list OUTSIDE_IN permit tcp any any eq 444
access-list OUTSIDE_IN permit tcp any any eq 1723
access-list OUTSIDE_IN permit tcp any any eq 3389

route outside 0.0.0.0 0.0.0.0 216.XXX.XXX.1
global (outside) 1
nat (inside) 0 access-list NONAT
nat (inside) 1 192.168.92.0 255.255.255.0

Draw a diagram to demonstrate what you are trying to accomplish. It does not seem you are trying to do a straightforward configuration.

That seemed a bit more complicated than it should have been.

Essentially, all of the other stuff I mentioned is irrelevant to the ASA. The ASA will act as a switch and host the connection to the static DSL. From the SBS I will use the ASA's gateway address to use its internet connection there. What I was mentioning before was that, via DHCP provided by the SBS, the workstations were given a gateway of 192.168.92.1 to connect using the Time Warner connection.

Update: The ASA is working now, but when I check to see if a port is open it does not work. Does it matter that we are not pointing the allowed TCP ports specifically to the SBS (192.168.92.2)? If it does, how do we add the ports to point specifically to the SBS?

ASKER CERTIFIED SOLUTION
ksims1129

This solution is only available to members.

Thank you for all your help. I was able to figure out the port forwarding right before your last post.

Jorge
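
One way to write the forwarding asked about above, in the pre-8.3 `nat`/`global` syntax used in this thread. This is an added example, not the hidden accepted solution and not either poster's config. It assumes all five ports terminate on the SBS at 192.168.92.2, that the default `global_policy` policy map exists, and it uses a placeholder for the RDP source address. Neither posted config contains `static` entries or an `access-group`, so as posted the OUTSIDE_IN list is not bound to any interface and nothing is translated inbound.

```cisco
! Added example (assumptions: SBS = 192.168.92.2, default global_policy present).

! Outbound dynamic PAT. The thread's "global (outside) 1" has no address
! argument; "interface" reuses the outside interface IP.
global (outside) 1 interface
nat (inside) 1 192.168.92.0 255.255.255.0

! Static PAT: one entry per published port, outside interface IP -> SBS.
static (inside,outside) tcp interface 25 192.168.92.2 25 netmask 255.255.255.255
static (inside,outside) tcp interface 443 192.168.92.2 443 netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.92.2 444 netmask 255.255.255.255
static (inside,outside) tcp interface 1723 192.168.92.2 1723 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.92.2 3389 netmask 255.255.255.255

! PPTP uses GRE alongside tcp/1723; the inspection engine opens it through PAT.
policy-map global_policy
 class inspection_default
  inspect pptp

! Rebuild the ACL so the destination is the outside interface address
! instead of "any any".
clear configure access-list OUTSIDE_IN
access-list OUTSIDE_IN extended permit tcp any interface outside eq 25
access-list OUTSIDE_IN extended permit tcp any interface outside eq 443
access-list OUTSIDE_IN extended permit tcp any interface outside eq 444
access-list OUTSIDE_IN extended permit tcp any interface outside eq 1723
! RDP limited to one known source; <ADMIN_PUBLIC_IP> is a placeholder.
! Using "any" here would expose the SBS logon screen to the whole internet.
access-list OUTSIDE_IN extended permit tcp host <ADMIN_PUBLIC_IP> interface outside eq 3389

! An ACL has no effect until it is bound to an interface and direction.
access-group OUTSIDE_IN in interface outside
```

After applying it, `show access-list OUTSIDE_IN` shows per-entry hit counts and `show xlate` lists the static translations, which together tell you whether an external port test actually reached the ACL and was translated to the SBS.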