michaeltegler
asked on
Cisco ASA 5510 config help needed
Trying to connect my ASA 5510 to a new internet provider. The provider gave us a Cisco router that we can connect the ASA into.
We get a /27 LAN. I tried to scrub the config file to things that are necessary.
When I use a laptop the config works fine. When I input it into the ASA there's no internet access. I can ping the gateway, but nothing beyond.
Any help would be appreciated. Thank you.
: Saved
:
ASA Version 7.2(4)
!
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 10.65.1.1 255.255.0.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address *.*.*.130 255.255.255.252
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
boot system disk0:/asa724-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CST recurring
dns server-group DefaultDNS
 domain-name ****.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service tcp_jupiter tcp
 port-object range 5800 5999
 port-object eq www
 port-object eq imap4
 port-object eq ldap
 port-object eq https
 port-object eq sip
 port-object eq talk
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host www_out eq www
access-list outside_access_in extended permit tcp any host www_out eq ssh
access-list no-nat-inside extended permit ip 10.65.0.0 255.255.0.0 172.16.65.0 255.255.255.0
access-list no-nat-inside extended permit ip 10.65.0.0 255.255.0.0 192.168.65.0 255.255.255.0
access-list no-nat-inside extended permit ip host mercury_in host 198.179.147.37
access-list vpn extended permit ip 10.65.0.0 255.255.0.0 172.16.65.0 255.255.255.0
access-list vpn extended permit ip 192.168.65.0 255.255.255.0 172.16.65.0 255.255.255.0
access-list vpn extended permit ip 172.16.10.0 255.255.255.0 172.16.65.0 255.255.255.0
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip 10.65.0.0 255.255.0.0 any
access-list inside_access_in extended permit ip 172.16.10.0 255.255.255.0 any
pager lines 20
logging enable
logging asdm warnings
mtu inside 1500
mtu outside 1500
mtu dmz1 1500
mtu management 1500
mtu phone 1500
ip local pool vpnpool 172.16.65.1-172.16.65.254
ip verify reverse-path interface inside
ip verify reverse-path interface outside
ip audit name gsp_info info action alarm
ip audit name gsp_attack attack action alarm drop reset
ip audit interface outside gsp_info
ip audit interface outside gsp_attack
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
asdm history enable
arp timeout 14400
global (outside) 1 140.239.60.67
nat (inside) 0 access-list no-nat-inside
nat (inside) 1 172.16.10.0 255.255.255.0 tcp 20000 14000 udp 20000
nat (inside) 1 10.65.0.0 255.255.0.0 tcp 20000 14000 udp 20000
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route inside 172.16.10.0 255.255.255.0 10.65.2.1 1
route outside 0.0.0.0 0.0.0.0 *.*.*.129 1
timeout xlate 3:00:00
timeout conn 0:15:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp nat-traversal 3600
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 phone
ssh timeout 60
console timeout 0
management-access inside
ntp server 65.107.66.254 source outside prefer
group-policy DfltGrpPolicy attributes
 banner none
 wins-server value 10.65.1.5
 dns-server value 10.65.1.15 10.65.1.5
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec
 password-storage disable
 ip-comp enable
 re-xauth disable
 group-lock value gspvpn
 pfs enable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value *-vpn
 default-domain value ****.com
 split-dns value *****.com
 intercept-dhcp 255.255.255.255 disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 nac disable
 nac-sq-period 300
 nac-reval-period 36000
 nac-default-acl none
 address-pools value vpnpool
 smartcard-removal-disconnect enable
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  html-content-filter none
  homepage none
  keep-alive-ignore 4
  http-comp gzip
  filter none
  url-list none
  customization value DfltCustomization
  port-forward none
  port-forward-name value Application Access
  sso-server none
  deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
  svc none
  svc keep-installer installed
  svc keepalive none
  svc rekey time none
  svc rekey method none
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression deflate
group-policy gspvpn internal
group-policy gspvpn attributes
 vpn-idle-timeout none
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value gsp-vpn
tunnel-group 198.179.147.37 ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group gspvpn
!
class-map global-class
 match default-inspection-traffic
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns default_dns
 parameters
  message-length maximum 2048
policy-map global-policy
 class global-class
  inspect ctiqbe
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect icmp
  inspect icmp error
  inspect ipsec-pass-thru
  inspect dns default_dns
  inspect netbios
  inspect pptp
  inspect tftp
 class inspection_default
  inspect ftp
!
service-policy global-policy global
prompt hostname context
Cryptochecksum:
ASKER CERTIFIED SOLUTION
ASKER
Thank you very much. That did it.
Glad to be of service ;)
Thx for the points.
/Kvistofta