Connect Cisco asa5505 to Dlink Switch (DGS-1024D)

searcher100
I'm new to Cisco, and know very little about networking. Got Uverse internet, they gave me a 2-wire 3600hgv modem. Put that in DMZPlus mode with a Cisco ASA5505 behind it. Bought the book "The Accidental Administrator: Cisco ASA Security Appliance" by Don R. Crawley, and learned a little CLI.

Finally got a Windows box connected to port 1 of the ASA5505 to connect to the internet. I had to do "ipconfig /release", "ipconfig /renew" on the Windows box to get it to connect. Not sure why I had to do that, since I set up DHCP. But, as I said, I'm not sure of much of anything in this area.

So then I connected port 1 of the Cisco to a Dlink 24-port switch (DGS-1024D) and connected the computer to another port of the Dlink switch. The computer could not connect to the internet and could not even ping the Cisco. With my full network connected, I would have a couple other Dlink switches connected to this first Dlink switch.

The configuration of the Cisco is below. Note that I'm not using the most recent ASA software version - was hoping to test the ASA5505 out and see if I can use it before going to that trouble. Any comments or improvements in the basic setup or in the security part of the setup would be greatly appreciated in addition to the Dlink switch issue. Note that, since I'm using a software version earlier than 8.3(1), I entered the NAT config in the old style:

global (outside) 10 interface
nat (inside) 10 192.168.2.0 255.255.255.0

I use DHCP to get my outside ip address.

My outside route is to the Uverse gateway.

My dns setup is done as part of some dhcpd statements suggested in the book, and points to two uverse dns servers.  The option 3 statement makes my "gateway of last resort" the Cisco.  Hope all that's correct:

dhcpd dns 68.94.156.1 68.94.156.2
dhcpd option 3 ip 192.168.2.1
!
dhcpd address 192.168.2.2-192.168.2.33 inside
dhcpd enable inside

I used the prefix 192.168.2 as the prefix for my inside range of addresses, rather than 192.168.1.  Did that because the 2-wire uses 192.168.1.  Don't know if I needed to do that.

Here's the full config:

ASA Version 8.2(1)
!
hostname ciscoasa
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
global (outside) 10 interface
nat (inside) 10 192.168.2.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 108.193.148.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 68.94.156.1 68.94.156.2
dhcpd option 3 ip 192.168.2.1
!
dhcpd address 192.168.2.2-192.168.2.33 inside
dhcpd enable inside

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
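
Whether the dhcpd and NAT statements in the question agree with the inside interface can be checked mechanically. The following Python is an added example, not part of the original post: it parses an excerpt of the posted configuration and reports mismatches. The helper names `find` and `audit` are hypothetical, and only the ASA 8.2-style syntax shown in the post is handled.

```python
import ipaddress
import re

# Excerpt of the ASA 8.2 configuration posted in the question.
PAGE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
global (outside) 10 interface
nat (inside) 10 192.168.2.0 255.255.255.0
dhcpd option 3 ip 192.168.2.1
dhcpd address 192.168.2.2-192.168.2.33 inside
dhcpd enable inside
"""

def find(pattern, text):
    """Capture groups of the first match, or None."""
    m = re.search(pattern, text, re.M)
    return m.groups() if m else None

def audit(text, ifname="inside"):
    """List inconsistencies between the interface, dhcpd and nat/global lines."""
    iface = find(rf"^ nameif {ifname}\n(?: .*\n)*? ip address (\S+) (\S+)$", text)
    if not iface:
        return [f"no static address on interface {ifname}"]
    gw = ipaddress.ip_interface(f"{iface[0]}/{iface[1]}")
    problems = []
    pool = find(rf"^dhcpd address (\S+)-(\S+) {ifname}$", text)
    if pool:
        lo, hi = (ipaddress.ip_address(a) for a in pool)
        if lo not in gw.network or hi not in gw.network:
            problems.append("dhcpd pool is outside the interface subnet")
        elif lo <= gw.ip <= hi:
            problems.append("dhcpd pool includes the ASA's own address")
    opt3 = find(r"^dhcpd option 3 ip (\S+)$", text)
    if opt3 and ipaddress.ip_address(opt3[0]) != gw.ip:
        problems.append("option 3 (default gateway) is not the interface address")
    nat = find(rf"^nat \({ifname}\) (\d+) ([\d.]+) ([\d.]+)$", text)
    if nat:
        src = ipaddress.ip_network(f"{nat[1]}/{nat[2]}", strict=False)
        if not gw.network.subnet_of(src):
            problems.append("nat statement does not cover the interface subnet")
        # nat id 0 is NAT exemption and needs no global pool
        if nat[0] != "0" and not find(rf"^(global) \(\S+\) {nat[0]} ", text):
            problems.append(f"nat id {nat[0]} has no matching global statement")
    return problems

if __name__ == "__main__":
    print(audit(PAGE_CONFIG) or "consistent")
```

An empty result means only that these statements agree with each other; it says nothing about cabling or the switch.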

Senior infrastructure engineer
Top Expert 2012
Commented:
The first thing that comes to mind is that something is wrong with the configuration of the Dlink (that is, if it is configurable), since you are able to connect to the internet when a machine is directly connected to the ASA.
So first have a look at the Dlink.
