Getting Cisco ASA 5505 and Actiontec M1000 DSL Modem to work together
Posted on 2013-09-28
I have a Cisco ASA 5505, new out of the box (ASA version 8.4(1)). It is pretty much at the factory default config except for what I have noted below. If I hook the output of my modem to eth 0 on the ASA I get some internet, but it is very slow and most pages time out.
The prevalent error I am getting in the real time log viewer is:
%ASA-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name
An attempt to connect to an inside address is denied by the security policy that is defined for the specified traffic type. The IP address displayed is the real IP address instead of the IP address that appears through NAT. Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the ASA, and it was dropped. The tcp_flags in this packet are FIN and ACK.
The tcp_flags are as follows:
• ACK—The acknowledgment number was received
• FIN—Data was sent
• PSH—The receiver passed data to the application
• RST—The connection was reset
• SYN—Sequence numbers were synchronized to start a connection
• URG—The urgent pointer was declared valid
So I am thinking it has something to do with NAT or Static Routing?
My ISP is Century Link. My modem shows me this info:
Serial Number: N/A
MAC Address: [My Little Secret]
Qwest Broadband: CONNECTED
Downstream Rate: 4096 Kbps
Upstream Rate: 832 Kbps
ISP Status: CONNECTED
PPP User Name: email@example.com
ISP Protocol: PPPoE
ATM Encapsulation: LLC Bridged
Modem IP [WAN] Address: My Secret
DNS Address #1: 188.8.131.52
DNS Address #2: 184.108.40.206
I have tried turning NAT off on the modem as well as its DHCP. The LAN IP on the modem is 192.168.0.1 /24. So I set the eth0 on the ASA to 192.168.0.2 /24. I set the DHCP pool on the ASA to the standard 192.168.1.5 - 254. In the DHCP pool I use the same DNS servers as shown on the modem. A computer connected to the ASA pulls everything correctly.
I am thinking I need to do something with NAT or Static Routing. Have also read that I may need to put Modem in "pass through mode" and configure PPPoE on ASA. That looks complicated. And I can't find any option for "Pass Through" in the modem settings. I have turned off the Firewall on the modem.
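
Added example, not part of the original post: a small Python triage script for the %ASA-2-106001 message quoted above. It parses each line and separates denied packets carrying a bare SYN (a new inbound connection attempt) from packets with other flags such as FIN ACK, which arrive with no matching connection state. The sample log lines, the addresses and the two bucket names are constructed for illustration.

```python
import re
from collections import Counter

# Message layout as quoted in the post:
#   %ASA-2-106001: Inbound TCP connection denied from IP/port to IP/port
#   flags tcp_flags on interface interface_name
LINE_RE = re.compile(
    r"%ASA-2-106001: Inbound TCP connection denied from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifname>\S+)"
)

def parse_106001(line):
    """Return a dict for a 106001 line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["flags"] = frozenset(rec["flags"].split())
    return rec

def classify(flags):
    """Bucket a denied packet by its TCP flags (bucket names are assumptions)."""
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection"       # an outside host tried to open a session
    return "no-connection-state"      # reply or teardown with no matching session

def summarize(lines):
    """Count denials per (interface, bucket) across a log excerpt."""
    counts = Counter()
    for line in lines:
        rec = parse_106001(line)
        if rec:
            counts[(rec["ifname"], classify(rec["flags"]))] += 1
    return counts

# Constructed sample lines using documentation addresses, not taken from the post.
P = "Sep 28 2013 10:01:0{}: %ASA-2-106001: Inbound TCP connection denied from "
SAMPLE = [
    P.format(1) + "198.51.100.7/80 to 192.168.0.2/50312 flags FIN ACK on interface outside",
    P.format(2) + "198.51.100.7/80 to 192.168.0.2/50313 flags ACK on interface outside",
    P.format(3) + "203.0.113.9/44211 to 192.168.0.2/23 flags SYN on interface outside",
    P.format(4) + "198.51.100.20/443 to 192.168.0.2/50400 flags RST on interface outside",
    "Sep 28 2013 10:01:05: %ASA-6-302013: Built outbound TCP connection 12 for outside",
]

if __name__ == "__main__":
    for (ifname, bucket), n in sorted(summarize(SAMPLE).items()):
        print(f"{ifname:10} {bucket:22} {n}")
```

A log dominated by the no-connection-state bucket means the ASA is seeing return or teardown traffic for sessions it is not tracking, rather than unsolicited connection attempts from outside.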