Solved

change asa firewall dns address

Posted on 2012-03-14
Last Modified: 2012-03-19
Trying to add my new ISP static info and take this OpenDNS address off.

sho ver!
no names
name 10.226.72.141 Server
name xx.xx.203 PublicMail
name 10.34.95.0
name 192.168.144.4 IntegratedSolar_Cam
name 192.168.144.2 IntegratedSolar_Meter
name xxx204 IntegratedSolar_MeterPublic
name xxxx205 IntegratedSolar_CamPublic
name xxxx141 IntegratedSolar_Public
name 208.67.222.222 OpenDNS1
name 208.67.220.220 OpenDNS2
name xxxxx202 Outside_Interface
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.226.72.140 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xxxxxx202 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 speed 100
 duplex full
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
same-security-traffic permit intra-interface
object-group service IntSolar tcp
 port-object eq 9999
object-group network OpenDNS_Servers
 network-object host 208.67.220.220
 network-object host 208.67.222.222
object-group network _networks
 network-object 10.226.72.0 255.255.255.0
object-group network B_networks
 network-object 10.34.95.0 255.255.255.0
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any host xxx203 eq smtp
access-list outside_access_in extended permit tcp any host xxx203 eq https
access-list outside_access_in extended permit ip host 209xxxx141 host 24.xxx204
access-list outside_access_in extended permit ip any host 24.xxxx205
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list outside_access_in extended permit icmp any any unreachable
access-list outside_access_in extended permit ip host 173..141 host 24xxxxx204
access-list outside_access_in extended permit tcp any host 24xxxx202 eq 2080
access-list inside_access_out extended permit ip any any
access-list inside_nat0_outbound extended permit ip 10.226.72.0 255.255.255.0 10.226.73.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 10.226.72.194 10.226.73.12 255.255.255.252
access-list 3000client_splitTunnelAcl standard permit 10.226.72.0 255.255.255.0
access-list 3000client_splitTunnelAcl_1 standard permit 10.226.72.0 255.255.255.0
access-list 4000client_splitTunnelAcl standard permit 10.226.72.0 255.255.255.0
access-list 5000client_splitTunnelAcl standard permit host 10.226.72.194
access-list nonat extended permit ip object-group networks object-group B_networks
access-list nonat extended permit ip 10.226.72.0 255.255.255.0 10.226.73.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool pool 10.226.73.121-10.226.73.124
ip local pool Vendor 10.226.73.12-10.226.73.15
ip local pool ip_pool 10.226.73.106-10.226.73.120
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.226.72.0 255.255.255.0
static (inside,outside) tcp interface 2080 10.226.72.135 2080 netmask 255.255.255.255
static (inside,outside) xxx205 192.168.144.4 netmask 255.255.255.255
static (inside,outside) 24.xxxxx203 10.226.72.141 netmask 255.255.255.255
static (inside,outside) 24.xxxxx204 192.168.144.2 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 24.xxxx201 1
route inside 192.168.10.0 255.255.255.248 10.226.72.254 1
route inside 192.168.144.0 255.255.255.240 10.226.72.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
 lifetime 43200
telnet 10.226.72.0 255.255.255.0 inside
telnet 10.226.73.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd auto_config outside
Question by:vmagan
3 Comments
 
LVL 17

Accepted Solution

by:
lruiz52 earned 500 total points
ID: 37723578
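configure terminal
no name 208.67.222.222 OpenDNS1
no name 208.67.220.220 OpenDNS2
no dhcpd dns 208.67.222.222 208.67.220.220

! the name command requires a name after the address; <NewDNS1> and <NewDNS2> are placeholders
name xx.xx.xx.1 <NewDNS1>
name xx.xx.xx.2 <NewDNS2>
dhcpd dns xx.xx.xx.1 xx.xx.xx.2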
0
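An added example, not part of the original answer: a small Python check that lists every running-config line still referencing the old DNS addresses, either directly or through a `name` alias, so leftovers can be reviewed after the change. The sample is an excerpt of the config posted in the question; the function names are hypothetical.

```python
import re

# Excerpt of the running-config from the question (lines copied from the page).
SAMPLE_CONFIG = "\n".join([
    "no names",
    "name 208.67.222.222 OpenDNS1",
    "name 208.67.220.220 OpenDNS2",
    "object-group network OpenDNS_Servers",
    " network-object host 208.67.220.220",
    " network-object host 208.67.222.222",
    "access-list inside_access_in extended permit ip any any",
    "dhcpd dns 208.67.222.222 208.67.220.220",
    "dhcpd auto_config outside",
])
OLD_DNS = {"208.67.222.222", "208.67.220.220"}

def find_references(config, addresses):
    """Return (line_no, parent_block, line) for each line that mentions one of
    the addresses or an alias bound to one of them by a `name` command."""
    lines = config.splitlines()
    # Pass 1: collect aliases. With `names` enabled the ASA prints the alias
    # instead of the IP elsewhere in the config, so both must be searched.
    tokens = set(addresses)
    for line in lines:
        m = re.match(r"name\s+(\S+)\s+(\S+)", line)
        if m and m.group(1) in addresses:
            tokens.add(m.group(2))
    # Pass 2: whole-token match, remembering the parent of indented sub-commands.
    hits, parent = [], None
    for no, line in enumerate(lines, 1):
        if line and not line[0].isspace():
            parent = line
        if tokens & set(line.split()):
            ctx = parent if line[:1].isspace() else None
            hits.append((no, ctx, line.strip()))
    return hits

def leftover(config, addresses):
    """References that `no name ...` and `no dhcpd dns ...` do not remove."""
    return [h for h in find_references(config, addresses)
            if not h[2].startswith(("name ", "dhcpd dns "))]

if __name__ == "__main__":
    for no, ctx, line in leftover(SAMPLE_CONFIG, OLD_DNS):
        print(f"line {no}: {line}" + (f"  (in: {ctx})" if ctx else ""))
```

On this excerpt, the two `network-object host` entries under `object-group network OpenDNS_Servers` are the lines the commands above leave in place.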
 
LVL 6

Author Comment

by:vmagan
ID: 37725916
I will try this tonight. Too scared to try this remotely.

Thanks
0
 
LVL 6

Author Closing Comment

by:vmagan
ID: 37739969
Nice and easy.

Thanks