ASA 5505 down will not nat or get outside

I reconfigured my asa 5505 and now it will not give out nat addresses and I can't even get out to the internet when I use a static IP on my desktop.  This is a small business box and the whole network is down.  

I need some serious help, please.

Dan
dlojAsked:
Who is Participating?
 
Jan SpringerConnect With a Mentor Commented:
config t
global ?
global ( ?

show what?
0
 
BrandNullCommented:
What version of firmware is install on this box?
0
 
dlojAuthor Commented:
6.4.5
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

 
dlojAuthor Commented:
8.2(5)
0
 
Jan SpringerCommented:
sh run

and exclude any usernames, passwords or keys.

Put an "X" as the first octet of any public IP.
0
 
dlojAuthor Commented:
Thanks for the replies.  I fell ill soon after I posted this.  I will go get my box tomorrow morning and put in my config.  I pulled the box off the network and I really want to  get it back.  Aside from your help what is the best place to gather information about the ASA 5505?
0
 
dlojAuthor Commented:
Hi Everyone,
Thanks for the site it has helped and confused me more.  :)

I inhereited an ASA 5505 in this new position I have and I found firewall.cx and followed the setup process.for Basic ASA 5505 configuration and it did not work. I could not access the outside (internet) that was a few months ago, see above.

I got back to it the other day and still couldn't connect to the internet until I started playing around with outside and inside. When I set the computer I am using to access the console as dhcp I get out but the IP address of the computer is using my main network ip naming scheme rather than the ASA box naming scheme.


So I am confused I am attaching my running-config. Any help would be appreciated.
If someone could look at my running-config and give me a push in the right direction, that would be great.  
FILE ATTACHMENT:
Dan-running-config.txt
0
 
Jan SpringerCommented:
What do you mean by "naming scheme"?

Do you want your inside clients to get a dhcp address?

If you statically IP an inside host, does it get a translation ("show xlate")?
0
 
dlojAuthor Commented:
Thanks for the reply.

I want the inside clients to get dhcp addresses from the ASA box as I believe is shown in the running-config I attached.  

And that could be my issue it is not configured correctly.

when I show xlate I get:
0 in use, 0 most used

I think I should have said ip addressing scheme.
0
 
Jan SpringerCommented:
The nat id shouldn't matter as long as they match but for the hey of it, I'd like to see the results with the inside and outside nat id changed from '10' to '1'.

I'd also like to see the results of:

packet-tracer input inside udp 192.168.17.24 5000 8.8.8.8 53 detailed
0
 
dlojAuthor Commented:
Thanks for the reply to I need to setup the whole command to change the id from 10 to 1?
 I will be able to get this tomorrow.

Thanks again.
0
 
dlojAuthor Commented:
I finally was able to get back to it and I started over.
I am including my show ru and your request for packet-tracer.

I am going from a Basic ASA 5505 instructions from firewall.cx and a book by Don Crawley The Accidental Administrator: Cisco ASA Security Appliance

I have never been able to get out to the internet just by following either directions but once I started hacking around I could.
packet-tracer.txt
Dan-running-config-4-3.txt
0
 
Jan SpringerCommented:
Here is the problem => Drop-reason: (interface-down) Interface is down

Did you "no shut" the inside interface (to include any of the port interfaces that you are using on the inside vlan)?

Did you verify your cabling?

We need the inside interface to be up/up.
0
 
dlojAuthor Commented:
So I opened all the ethernet ?/? ports with no shutdown then my system behind the ASA retrieved an IP from the Outside router and I was able to get out to the outside network and the internet.  

So I enabled dhcpd and I received an address from my ASA box but cannot get out of the ASA box.

I even had dhcpd auto_config outside interface inside but when  a box on my outside network rebooted it received the 18.x address so I deleted that.  

I am attaching my new running-config and my new packet-tracer, which is much improved.

Thanks for hanging in there with me.
4-4-14-show-ru.txt
4-4-14-packet-tracer.txt
0
 
Jan SpringerCommented:
I don't see this statement:

global (outside) 1 interface
0
 
dlojAuthor Commented:
It is not allowing me to input that statement.  I should have told you yesterday.   It is saying that invalid input directed at '^' marker.    And ^ is under the o in outside.
0
 
dlojAuthor Commented:
current available interface:
inside Name of interface Vlan1

let me look at that
0
 
dlojAuthor Commented:
I got it for some reason I lost my outside vlan 2 configuration or forgot to put it in?  It was late friday, so much for being tired.  :)

I readded this:

interface vlan 2
ip address dhcp setroute
nameif outside
global (outside) 1 interface

and it seems to be working fine.

And this is how we learn it IT
Thanks for everything.  I am sure you will hear more from me.
0
 
dlojAuthor Commented:
Hi,
I had everything working fine behind one router then I went to ATT Uverse modem/router and it is not allowing me to get out.   Still getting DHCP from the Uverse Router and the Router sees the ASA box, but not allowing me out.  
I am attaching my running config.

If someone could look at it and let me know why I might not be able to get out I would appreciate it.

Thanks.
4-21-14-show-ru.txt
0
 
Jan SpringerCommented:
Did you re-add this:

interface vlan 2
ip address dhcp setroute
0
 
dlojAuthor Commented:
Thanks _jesper_ I didn't think I had to.  I just unplugged and unplugged in behind another router.  But I will add it and let you know.

Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.