asa5505 asdm gui configuration steps

hi I have never used my asa5505 before, but I have managed to configure it separating the 'inside & outside' network and can now also open the 'asdm' gui as per below link:

qns1.  currently I have no vpns or anything like that and all I wish to do at this point is protect my win 7 internal network users, so what else should I configure within the gui ?

note:  I could look on youtube but I wish to gain that understanding first of what I need to do first and then continue bit by bit.

note: at the moment I have a virgin/media hub that is using the built-in dhcp, so the following is setup at the moment:

inside: 192.168.1.x - set on vlan 1
outside: - set on vlan 2
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
OK, I would put your Virgin media hub in 'modem' mode, then your ASA will get the public IP address on its outside interface - so when you get round to doing VPN's things will work.

If you want some ASA Walkthroughs theres a ton on my site that cover just about everything Ive ever had to deploy, and Ive been deploying ASA/PIX for nearly 10 years


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mikey250Author Commented:
hi petelong,  yes I normally do use 'modem/enable' but just for the purposes of getting my asa5505 up and running I left it as it was and yes If I wanted to setup a vpn I am aware this would need to be done.

yes I will look at your link:

qns1.  what I want to know is as I have configured my firewall enough for protection  ?
mikey250Author Commented:
hi petelong,

qns1.  why can I not receive my public ip address  ?

- I have now set my virgin to modem/enable
- if I plug in my standalone laptop it does provide a public ip address.
- I then unplug my laptop and reboot my virgin hub
- I thn plugged my x-over cable from my asa5505 eth/0 port to my specific port on my virgin hub but no public ip address has been allocated  ?

the outside interface config has not changed ie:

int vlan 2
nameif outside
security-level  0
ip address dhcp setroute
no shut
I then switched off the asa5505 and did not do a reload but assumed this should still provide a public ip address, but I may have not waited long enough!! not sure.
Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

Pete LongTechnical ConsultantCommented:
>>qns1.  what I want to know is as I have configured my firewall enough for protection  ?

Essentially yes out of the box you have protection :)

>>qns1.  why can I not receive my public ip address  ?

You shold not need a crossover cable the 5505 ?

The problem you are seeing is probably, because the modem does not like that mac address being changes power everything off, wait a couple of minutes, power up the HUB, then plug the firewall into it. You cant just SWAP over internal devices.
mikey250Author Commented:
hi petelong,

qns1.   after changing the ip addressing scheme within my asa5505 via the command line, I can also see that the 'dhcpd data' has also been removed.  - I assume this is ok because I have a running: dhcp via my master dc, mentioned below  ?

I have now got the 'public ip address' showing via my asa5505 & I have also plugged in a 'straight-thru' cable from my asa5505 eth0 port to my cisco 2950 and my master dc/ad/dhcp/dns server can also receive the internet access.

qns2.  I have now logged on to my domain with my win 7 desktop successfully and my master dc/ad/dhcp/dns - has allocated an ip address as expected, but I cannot receive internet access - why there something I should be adding on my asa5505  as currently I have all machines within active directory located in the default computer container and not currently using any gpo's yet  ?
mikey250Author Commented:
hi petelong,  I forgot to mention I have 3 cisco 2950 switches for fault tolerance testing:

- vtp server (primary) - master dc & fileprint server plugged in here
- vtp server (secondary)
- vtp client - win 7 desktop user plugged in here

win 7 - I can ping from vtp client switch to the following:  successfully

- master dc
- fileprintserver
- default gateway
mikey250Author Commented:
the default gateway was missing from my internal master dc via my dhcp and once added my win 7 desktop can now receive internet access.
mikey250Author Commented:
sound advice.  appreciated.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.