Solved

How to setup asa 5505 with dual wan interfaces, and SBS 2008

Posted on 2011-03-22
29
1,168 Views
Last Modified: 2012-05-11
OK.
I am about to recieve two asa 5505 appliances to connect two client offices.
main office has static ip, SBS 2008, AD, DHCP, DNS...basic linksys router(dhcp in router off)

remote office has one user currently, that uses RDP into server to run clinical software.simple linksys router with statip ip address in T1.

i need to route the remote user to hardware VPN between one new 5505 at the remote office and one new 5505 at main office with bonded 4.5m T1 with static IP. so i can add that remote user to the AD and manage the remote machine. Thats the easy part i believe, but now for the hard part,

The new clinical system about to be deployed is cloud based and requires its own deticated internet service. So i will have a second cable ISP with Static IP that i need to route this clinical system on.

so the asa 5505 at the main location will have a 4.5Mb T1 in WAN1 port and a Cable modem in the WAN2 port.(I dont have the devices in yet, so thats the terms iill use for now) email, basic internet traffic needs to run on the WAN1, and clinical software inteernet request run in and out on WAN2.

Remember that i dont have the devices in yet, but i hope to by the end of the week!
Never worked with the asa 5505 before, but have worked with several Sonicwall routers in the past.

Ideas?
Theories?
Thanks in advance!
0
Comment
Question by:Tonyc92007
  • 20
  • 9
29 Comments
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
The ASA devices can only have 1 default route to the internet, so to use the 2nd interface, you would need to know the ip ranges for the cloud in order to add static routes out of the ASA and into the correct connection.  

So if I read that right, each site with have an ASA with 2 connections, 1 for VPN and the 2nd at each site for this cloud service.   Correct?  

That should be do-able with static routes on each ASA so long as you know the cloud ip range and you have at least 1 asa with a static IP.
0
 

Author Comment

by:Tonyc92007
Comment Utility
Mostly correct...
Remote site will only have one internet connection. I think the clinical software will give me the ip address of the cloud server to map to the second cable internet. I need the remote site to use the VPN back to main site for the clinical software cloud request.l, but use the remote site local T1 for surfing internet..
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
Then when you create the tunnel between the 2 devices, you will just need to add a line to the crypto map match statement for the vpn so that the Cloud Host's IP will be included in the tunnel spec.   This way, you will not only tunnel the IP's for the remote subnet, but also the IP for the Cloud host.    


0
 

Author Comment

by:Tonyc92007
Comment Utility
Thanks for the information.
Hope to have devices in tomorrow or monday so i can get started testing.

ill let you know
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
Any luck?
0
 

Author Comment

by:Tonyc92007
Comment Utility
just got devices in...was trying to download the latest firmware and such...but i cant since i have to register them first...ill play areond a bit tonight and contact cisco tomorrow about the updates....

ill be posting over the next few days
0
 

Author Comment

by:Tonyc92007
Comment Utility
arg,,,more delays..
Cisco wil not activate my smart net until i recieve everything..that will be two more weeks!

played with the GUI for sertup..not sure i like it......need to get adapter to use console ......
its always something!
0
 

Author Comment

by:Tonyc92007
Comment Utility
ok...this week is it....cisco still hasnt avtivated my smartnet as yet, but i cannot wait any longer...
looked at the GUI and it is a pain...
getting a USB to 9 pin serial adapter todat for console work. Any recommendations for an adapter since my Win7 notebook has no seriel port?
0
 

Author Comment

by:Tonyc92007
Comment Utility
ok...there were a bunch of odd settings in the ASA already, so i factory wiped it and allowed setup to create interfaces for me. DHCP enabled on both internal
i plan to verify internet passthrough and then start changing things.

internal interface will hav DHCP off---(vlan10?)
1st external interface will be static IP through bonded t1 router.(Vlan 50)

i need a second external statis IP interface the is used for traffic requests too and from three cloud servers. ill call them server1.clinic.net, server2.clinic.net, and server3.clinic.net (Vlan60?)

so all internal SBS domain normal internet traffic needs to route through Vlan10.
client software that request traffic to and from server1.clinic.net, server2.clinic.net, and server3.clinic.net must use Vlan 60.

ready for thoughts and recommendationds!!
thanks
ciscoasa# configure factory-default 10.0.0.1 255.255.255.0
                    ^
ERROR: % Invalid input detected at '^' marker.
ciscoasa# conf t
ciscoasa(config)# configure factory-default 10.0.0.1 255.255.255.0
Based on the inside IP address and mask, the DHCP address
pool size is reduced to 250 from the platform limit 256

WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.

Begin to apply factory-default configuration:
Clear all configuration
WARNING: DHCPD bindings cleared on interface 'inside', address pool removed
Executing command: interface Ethernet 0/0
Executing command: switchport access vlan 2
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/1
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/2
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/3
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/4
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/5
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/6
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/7
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface vlan2
Executing command: nameif outside
INFO: Security level for "outside" set to 0 by default.

ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 10.0.0.5-10.0.0.254 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:***************************
: end
ciscoasa(config)#

Open in new window

0
 

Author Comment

by:Tonyc92007
Comment Utility
humm...i dont like using default vlan id's, but i cant seem change them..
ideas?
0
 

Author Comment

by:Tonyc92007
Comment Utility
anyone there?
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
I don't have a 5505 handy to test with.  But you should be able to change default vlans and set up a 2nd external interface should be as simple as:

no interface Vlan2

interface Vlan50
 nameif outside
 security-level 0
 ip address dhcp setroute


interface Vlan60
 nameif out-to-cloud
 security-level 10
 ip address dhcp setroute

interface Ethernet0/0
 no switchport access vlan 2
 switchport access vlan 50

interface Ethernet0/1
 switchport access vlan 60


-or- as a trunk

interface Ethernet0/0
 no switchport access vlan 2
 switchport trunk allowed vlan 50
 switchport trunk allowed vlan 60
 switchport mode trunk




Look here for more details:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/int5505.html


0
 

Author Comment

by:Tonyc92007
Comment Utility
ARG>>>>>>>>>>>>>
all kinds of issuse...
put in all settings via GUI....but no internet throughput
PAT is setup, but perhaps thats the issue...

this is a  pain....i guess ill have to reset to default and try again
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
Can you post the redone config here?  

Also, from the CLI, make sure you can ping an internal host, make sure you can ping the external gateway.  

From the host, make the outbound attempt.   Then on the CLI, do a SHOW XLATE and see if the internal host is getting a PAT address assigned.   You can also CLEAR XLATE and redo the attempt if you like.  

0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:Tonyc92007
Comment Utility
ok...ill get that posted...
it seems like the defaults are getting in the way...even the factory default internal DHCP on and similar ip address is the issue...
wish i could blank all settings and start from there/
0
 

Author Comment

by:Tonyc92007
Comment Utility
Ok...
here is the config im testing...
i have to go back onsite and try it....

thoughts
I think i need a gateway somewherein there though
on the vlan 50


ciscoasa> enable
Password: ******
ciscoasa# show running-config
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password ************* encrypted
passwd **************** encrypted
names
!
interface Vlan1
 no nameif
 no security-level
 no ip address
!
interface Vlan10
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan50
 nameif outside
 security-level 0
 ip address 72.x.x.x.x 255.255.255.248
!
interface Vlan60
 nameif clinical
 security-level 10
 ip address 207.x.x.x.x 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 50
!
interface Ethernet0/1
 switchport access vlan 60
!
interface Ethernet0/2
 switchport access vlan 10
!
interface Ethernet0/3
 switchport access vlan 10
!
interface Ethernet0/4
 switchport access vlan 10
!
interface Ethernet0/5
 switchport access vlan 10
!
interface Ethernet0/6
 switchport access vlan 10
!
interface Ethernet0/7
 switchport access vlan 10
!
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu clinical 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config clinical
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:b868ad1857d705ae3f56280ba4e327d7
: end
ciscoasa#
ciscoasa#

Open in new window

0
 

Author Comment

by:Tonyc92007
Comment Utility
well in trying to get a def gateway...
i got a bad route in there 1.1.1.1

how to get rid of it?

also i canot access router through GUI now...i wanted to look at live trafic, but it wont connect to 192.168.1.1

Pulling out my hair, and running out of time...i need it by friday or monday at the latest!!!
BTW-show xlate
0 in use, 0 most used
Thnks

HSV5505# show config
: Saved
: Written by enable_15 at 16:44:24.499 UTC Mon May 16 2011
!
ASA Version 8.2(1)
!
hostname HSV5505
enable password ************ encrypted
passwd ********* encrypted
names
!
interface Vlan1
 no nameif
 no security-level
 no ip address
!
interface Vlan10
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan50
 nameif outside
 security-level 0
 ip address 72.*.*.* 255.255.255.248
!
interface Vlan60
 nameif clinical
 security-level 10
 ip address 207.*.*.*  255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 50
!
interface Ethernet0/1
 switchport access vlan 60
!
interface Ethernet0/2
 switchport access vlan 10
!
interface Ethernet0/3
 switchport access vlan 10
!
interface Ethernet0/4
 switchport access vlan 10
!
interface Ethernet0/5
 switchport access vlan 10
!
interface Ethernet0/6
 switchport access vlan 10
!
interface Ethernet0/7
 switchport access vlan 10
!
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu clinical 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
route outside 0.0.0.0 0.0.0.0 72.*.*.* 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config clinical
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:281f96d67c8c4bf7ad77473da2af8366
HSV5505#

Open in new window

0
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
Comment Utility
Remove the bad route with

config t
no route outside 0.0.0.0 0.0.0.0 1.1.1.1



On the ASA, you can only have 1 default gateway.   This is 99.99% of the time looking outbound to the internet via your ISP gateway (which is what you have).  Any routes internally must use a static route or some other routing protocol the ASA supports.  


For the GUI, it looks like you are missing:

http 192.168.1.0 255.255.255.0 inside



That show xlate 0 0 is telling you that nothing is hitting the ASA and getting a NAT assigned.  In an earlier post, you mentioned that you had PAT setup, but I don't see that here.  

Try adding the following for PAT:

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0





0
 

Author Comment

by:Tonyc92007
Comment Utility
well i had done another factory default....

ill try those additional settings tonight onsite

thanks
0
 

Author Comment

by:Tonyc92007
Comment Utility
ok...
looks like internet is passing through now....thanks!! Sweet!!
NOw i need to open ports for exchange server, https to my internal SBS server

xlate
18 in use, 80 most used
PAT Global 72.*.*.*(22888) Local 192.168.1.67(54403)
PAT Global 72.*.*.*(44061) Local 192.168.1.67(54402)
PAT Global 72.*.*.*(36747) Local 192.168.1.67(54401)
PAT Global 72.*.*.*(32203) Local 192.168.1.67(54377)
PAT Global 72.*.*.*(53314) Local 192.168.1.67(54366)
PAT Global 72.*.*.*(48588) Local 192.168.1.67(54365)
PAT Global 72.*.*.*(64508) Local 192.168.1.67(54364)
PAT Global 72.*.*.*(30448) Local 192.168.1.67(54363)
PAT Global 72.*.*.*(57392) Local 192.168.1.67(54356)
PAT Global 72.*.*.*(41215) Local 192.168.1.67(54354)
PAT Global 72.*.*.*(28698) Local 192.168.1.67(54353)
PAT Global 72.*.*.*(22180) Local 192.168.1.67(54352)
PAT Global 72.*.*.*(12926) Local 192.168.1.67(54351)
PAT Global 72.*.*.*(6846) Local 192.168.1.67(54349)
PAT Global 72.*.*.*(9594) Local 192.168.1.67(54342)
PAT Global 72.*.*.*(21914) Local 192.168.1.67(63664)
PAT Global 72.*.*.*(20134) Local 192.168.1.6(9256)

192.168.1.6 is SBS 2008 server,.67 is workstation

now i need what part to set next
site to site VPN or the clinical routing to the Vlan 60? Traffic requests going to server1.clinical.net, server2.clinical.net and server3.clinical.net (Just server names i am using) needs to be routed through Vlan 60 on the assignesd IP address

Also the site to site VPN needs to follow the same clinical routing!

Once again...thanks a lot....
: Saved
: Written by enable_15 at 18:07:11.909 UTC Tue May 17 2011
!
ASA Version 8.2(1)
!
hostname HSV5505
enable password ************** encrypted
passwd ***************encrypted
names
!
interface Vlan1
 no nameif
 no security-level
 no ip address
!
interface Vlan10
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan50
 nameif outside
 security-level 0
 ip address 72.*.*.*  255.255.255.248
!
interface Vlan60
 nameif clinical
 security-level 10
 ip address 207.*.*.* 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 50
!
interface Ethernet0/1
 switchport access vlan 60
!
interface Ethernet0/2
 switchport access vlan 10
!
interface Ethernet0/3
 switchport access vlan 10
!
interface Ethernet0/4
 switchport access vlan 10
!
interface Ethernet0/5
 switchport access vlan 10
!
interface Ethernet0/6
 switchport access vlan 10
!
interface Ethernet0/7
 switchport access vlan 10
!
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu clinical 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 72.*.*.* 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config clinical
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:

Open in new window

0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
To open ports internally you need something along these lines:

static (inside, outside) tcp interface smtp  192.168.1.6 smtp netmask 255.255.255.255
static (inside, outside) tcp interface https  192.168.1.6 https netmask 255.255.255.255


access-list outside_in extended permit tcp any interface eq smtp
access-list outside_in extended permit tcp any interface eq https
access-group outside_in in interface outside


Routing any subnet would look like the following (if clinical subnet was 10.10.10.0/24)
route 10.10.10.0 255.255.255.0 <gateway IP off vlan 60>


For the site to site VPN to use the clinicals, the subnet for the clinicals would have to be added to the NONAT and Crypto Map Match for the VPN at both sites.   Just drop in the source and destination subnets using the remote site's point of view, into the remote site's appliance.
0
 

Author Comment

by:Tonyc92007
Comment Utility
Mikekane

Thanks for all the help....
think i need more help though...
sent email
0
 

Author Comment

by:Tonyc92007
Comment Utility
ok....
looking at using config generator....
think it fits the billl....mostly
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
Sent email where?  to me?  

Did the wizard fix you up?  
0
 

Author Comment

by:Tonyc92007
Comment Utility
thw wizard helped...but then again it didnt....
i hgave spent 2 days working on the second router, but i now thing it is bad!!
i cannon get internet to pass through!! DHCP inside......static ip aoutside...added every setting we already talked about ...but noting...
the xlate is showing traffic, but i cannt get to any website or anything...cant ping gateway nothing...

i even uswed the gui to do a backup of the 1st router, and then restored to the second router....plugged everything in and still nothing!!!

was up tim 4am....so i will verify that it is not working again afterhours tonight to be sure though...

i still need to route the server1.clinical.com, server2.clinical.com, server3.clinical.com to use the  vlan60....havent been able to get that working on the 1st working router....

0
 

Author Comment

by:Tonyc92007
Comment Utility
oh ...i emailed/PM you through the ee site
0
 

Author Comment

by:Tonyc92007
Comment Utility
ok...all is working...but rather slow.....and still cant get the clinical route to use the 2nd internet interface...
so i need help AGAIN!!!???
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
post the latest config from the ASA pls.  

thanks
0
 

Author Closing Comment

by:Tonyc92007
Comment Utility
Mike has the info to config ASA 5505
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Resolve DNS query failed errors for Exchange
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now