Solved

ASA 5512 Config question

Posted on 2013-02-05
Last Modified: 2013-03-14
I've configured an ASA 5512 and I'm not sure if the config is correct.  I wanted to see if anyone could glance at this config and see if they see any problems.  I'm in a situation where it needs to work immediately after it boots and I want to try to avoid any issues if I can.

I hope someone has a few minutes.  I really appreciate it.  Thanks.
ASA5512.txt
0
Question by:jplagens
 
LVL 18

Expert Comment

by:fgasimzade
ID: 38858870
It looks fine. What exactly does this ASA need to do?
0
 
LVL 8

Accepted Solution

by:
pgolding00 earned 500 total points
ID: 38859377
Don't know about:
route inside 68.65.151.0 255.255.255.0 192.168.10.10 1
because 192.168.10.0 is not attached to an interface. This would work on a router, but not so sure about recursive routing lookup on ASA. You definitely can't source route, which is sort of what this is trying to do. Just use:
route inside 68.65.151.0 255.255.255.0 192.168.0.16
No question that this will work.

Otherwise, as above, what are you trying to achieve with it?
0
 
LVL 4

Author Comment

by:jplagens
ID: 38859712
The issue was that this ASA 5512 was replacing an old Pix515e.  Due to the maintenance window I didn't have much time, so it was going to be pretty much unplug/unrack the Pix, put in the ASA, turn it on and it had to work.  I haven't done a lot of work with the new NAT commands in 8.3 or higher so I was stressing a little about it working.

I discovered that inside route to 192.168.10.10.1 wasn't needed.  No one knew what it was so I removed it.

The only changes I made were that I added a new object:

object network OBJ_ANY
subnet 0.0.0.0 0.0.0.0
nat (inside,outside) dynamic interface

and I forgot to apply the access-list:

access-group inbound in interface outside
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 38859816
Yeah, I was just going to point out that you will not be able to access the Internet unless you configure dynamic NAT, which you have done.
0
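
An added example (not part of the thread or of the poster's attached config): a pre-cutover check for the two problems discussed above, a static route whose next hop is not on the subnet attached to the named interface, and an access-list that was never bound with access-group. The interface addresses and the ACL entry in the sample are constructed assumptions; the inside route and the ACL name follow the lines quoted in the thread.

```python
import ipaddress
import re

# Constructed sample config: interface addresses and the ACL entry are
# assumptions; the inside route and ACL name follow the thread's lines.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.252
interface GigabitEthernet0/1
 nameif inside
 ip address 192.168.0.1 255.255.255.0
access-list inbound extended permit tcp any host 203.0.113.2 eq 443
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 68.65.151.0 255.255.255.0 192.168.10.10 1
"""

def connected_networks(config):
    """Map each nameif to the subnet configured on that interface."""
    nets, nameif = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            nameif = None  # new interface block, name not seen yet
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and nameif:
            nets[nameif] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return nets

def lint(config):
    """Return findings for off-subnet next hops and unapplied ACLs."""
    findings, nets = [], connected_networks(config)
    for m in re.finditer(r"^route (\S+) (\S+) (\S+) (\S+)", config, re.M):
        ifname, hop = m[1], ipaddress.ip_address(m[4])
        if ifname not in nets or hop not in nets[ifname]:
            findings.append(f"route to {m[2]}: next hop {hop} is not on "
                            f"the subnet attached to '{ifname}'")
    defined = set(re.findall(r"^access-list (\S+) ", config, re.M))
    applied = set(re.findall(r"^access-group (\S+) ", config, re.M))
    for acl in sorted(defined - applied):
        findings.append(f"access-list '{acl}' is defined but not applied "
                        f"with access-group")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(finding)
```

An ACL referenced only by another feature (for example a crypto map) would also be reported, so treat that finding as a prompt to check rather than an error.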
