Solved

ASA 5505 Configuration (Version 8.2) intial configuration question

Posted on 2011-03-09
4
758 Views
Last Modified: 2013-11-30
Hello
I've done the initial configuration with PAT, default route, DNS, DHCP, ect. but still can't get my computers to connect to the internet.

Any help on this would be greatly appreciated!!

Here is my running config:


Result of the command: "show running-config"

: Saved
:
ASA Version 8.2(1)
!
hostname ciscoASA
enable password xxxxxxxxxxx encrypted
passwd xxxxxxxxx encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.40.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.xxx 255.255.255.240
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
banner motd *****************************  USAGE WARNING!  *********************************
banner motd ********************************************************************************

ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 8.8.8.8
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inside_access_in extended permit ip 192.168.40.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo-reply outside
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.40.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.40.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 8.8.8.8 8.8.8.8
dhcpd auto_config outside
!
dhcpd address 192.168.40.100-192.168.40.125 inside
dhcpd dns 8.8.8.8 8.8.8.8 interface inside
dhcpd lease 432000 interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:87b59dec3735aa85b43b18106299c663
: end
0
Comment
Question by:CProp
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:Kvistofta
ID: 35088189
You have applied an nonexistent acl to your inside interface, which blocks all traffic.

/Kvistofta
0
 

Author Comment

by:CProp
ID: 35090987
Hi Kvistofta
Any configuration suggestion on resolving my issue in an efficient way?
I'm just wondering if better to modify through command line or ASDM?

Thanks in advance for your help.
0
 
LVL 17

Accepted Solution

by:
Kvistofta earned 500 total points
ID: 35091747
You have to define which traffic to allow from inside to internet. For testing allow .pl traffic:

Access-list inside_access_in permit ip any any

/Kvistofta
0
 

Author Comment

by:CProp
ID: 35099577
Great Thanks
+ I appreciate the quick responses!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
Local Printing Using Remote Desktop Windows 7 sometimes has issues with printing to a local printer using a Remote Desktop Connection (RDC). The 1st step is to verify that printers are checked on the Local Resources tab of the Remote Desktop C…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now