Link to home
Start Free TrialLog in
Avatar of Sgfjacobs
SgfjacobsFlag for United States of America

asked on

ASA basic setup

I need help setting up my ASA 5520. Its just a basic configuration, the outside it directly connected to my cable modem and the inside is connected to my internal network. I've never setup on of these before and I think the issue lies in my NAT config. When I hook it up I can connect to the ASA internally and it works but I can not get through to the internet on the outside interface. Any suggestions??
: Saved
:
ASA Version 8.2(1) 
!
hostname CiscoASA
enable password 9.ATObUmMR7bJmNa encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 description Internet
 nameif outside
 security-level 0
 ip address 208.x.x.150 255.255.255.248 
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0 
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
boot system disk0:/asa821-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 24.92.226.11
 name-server 24.92.226.12
dns server-group Internal
 name-server 192.168.1.1
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inside_access_in extended permit ip any any 
access-list inside_access_in extended permit tcp any any eq www 
access-list inside_access_in extended permit icmp any any 
access-list inside_access_in extended permit tcp any any 
access-list outside_access_in extended permit ip any any 
access-list outside_access_in extended permit udp any any eq www 
access-list outside_access_in extended permit icmp any any 
access-list outside_access_in extended permit tcp any any 
access-list outside_access_in extended permit tcp any any eq www 
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 208.x.x.146
global (inside) 1 208.x.x.150 netmask 255.0.0.0
nat (inside) 0 192.168.1.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route inside 0.0.0.0 255.255.255.248 208.x.x.145 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.3 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.3-192.168.1.253 inside
dhcpd dns 192.168.1.1 interface inside
dhcpd wins 192.168.1.1 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny  
  inspect esmtp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip  
  inspect xdmcp 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:c63c3eb525b515ebdd8f7b1bdae9bebc
: end
asdm image disk0:/asdm-621.bin
no asdm history enable

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Istvan Kalmar
Istvan Kalmar
Flag of Hungary image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Sgfjacobs
Sgfjacobs
Flag of United States of America image

ASKER

Thanks ikalmar!! It's now working great. Thanks a bunch.