Solved

Cisco ASA 5505 Aironet 1100 troubles

Posted on 2011-09-20
5
504 Views
Last Modified: 2012-05-12
I just recently got a 5505 and it came with 8.3(1) installed.  After figuring out how to get things working I now have it in place and almost everything is fine.  I got an aironet 1100 series WAP at the same time and it is using one of the PoE ports on the 5505 for power.  I reset it to factory defaults and I can see in the dhcp bindings what it's IP address is, but I can't seem to connect to it or ping it on anything.  It's probably something simple but nothing I can think of has worked so far.

the WAP is on eth0/7 with the IP address of 192.168.0.21  

here is my config:

ASA Version 8.3(1)
!
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa831-k8.bin
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network FTP
 host 192.168.0.10
access-list outside_access_in extended permit tcp any object FTP eq ftp
pager lines 24
logging timestamp
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic obj_any interface
!
object network FTP
 nat (inside,outside) static interface service tcp ftp ftp
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa local authentication attempts max-fail 5
no snmp-server location
no snmp-server contact
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 60
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
dhcpd dns 1.2.3.4
dhcpd auto_config outside
!
dhcpd address 192.168.0.20-192.168.0.40 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp authenticate
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:c1d260b57bda9a6ca0944e8d0076b024
: end
0
Comment
Question by:cymrich
  • 4
5 Comments
 
LVL 15

Expert Comment

by:Robert Sutton Jr
ID: 36571930
2 things... Can  you post back here in a text file the results of the ASA by issueing the command "sh ip int brief" and also the sh run config of the WAP in question? Thanks.
0
 

Author Comment

by:cymrich
ID: 36577082
sh ip int brief isn't a valid command.  sh ip only gives address, audit, local, verify and | for options.  I'm not sure what info you are looking for so I'm not sure what to try instead.  

the WAP should have the factory default config on it... I followed the steps to reset it to factory default.  before doing that it was not grabbing an IP address at all.  after doing that it showed up in the dhcp bindings as .21 since the factory default setting is for it to grab a dhcp address.  I don't have a power adapter or power injector for it so the only way I can power it is through the ASA 5505 and I have so far not been able to log in to it at all.
0
 

Author Comment

by:cymrich
ID: 36577359
just realized I had not tested the FTP access in the config... it's not working either... not sure if it's related.  I'll post a separate question for that though.
0
 

Accepted Solution

by:
cymrich earned 0 total points
ID: 36912556
nat (inside,outside) source dynamic obj_any interface seems to have been the problem for both.  I can reach the aironet now that I removed it and only have nat statements under the objects.
0
 

Author Closing Comment

by:cymrich
ID: 36938190
fixed it myself
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco VPN client v5 migration to Anyconnect VPN? 8 52
ASA Tunnel 18 42
Help with a subnetting question 7 58
cisco switch 3750E port channel down 13 29
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question