mikey250
asked on
asa5505 asdm gui configuration steps
hi I have never used my asa5505 before, but I have managed to configure it separating the 'inside & outside' network and can now also open the 'asdm' gui as per below link:
http://www.youtube.com/watch?v=hdgFBfs6xu4
qns1. currently I have no vpns or anything like that and all I wish to do at this point is protect my win 7 internal network users, so what else should I configure within the gui ?
note: I could look on youtube but I wish to gain that understanding first of what I need to do first and then continue bit by bit.
note: at the moment I have a virgin/media hub that is using the built-in dhcp, so the following is setup at the moment:
inside: 192.168.1.x - set on vlan 1
outside: 192.168.0.3 - set on vlan 2
ASKER CERTIFIED SOLUTION
ASKER
hi petelong,
qns1. why can I not receive my public ip address ?
- I have now set my virgin to modem/enable
- if I plug in my standalone laptop it does provide a public ip address.
- I then unplug my laptop and reboot my virgin hub
- I then plugged my x-over cable from my asa5505 eth/0 port to my specific port on my virgin hub but no public ip address has been allocated ?
the outside interface config has not changed ie:
int vlan 2
nameif outside
security-level 0
ip address dhcp setroute
no shut
I then switched off the asa5505 and did not do a reload but assumed this should still provide a public ip address, but I may have not waited long enough!! not sure.
>>qns1. what I want to know is as I have configured my firewall enough for protection ?
Essentially yes out of the box you have protection :)
>>qns1. why can I not receive my public ip address ?
You should not need a crossover cable with the 5505 ?
The problem you are seeing is probably because the modem does not like that MAC address being changed. Power everything off, wait a couple of minutes, power up the HUB, then plug the firewall into it. You can't just SWAP over internal devices.
ASKER
hi petelong,
qns1. after changing the ip addressing scheme within my asa5505 via the command line, I can also see that the 'dhcpd data' has also been removed. - I assume this is ok because I have a running: dhcp via my master dc, mentioned below ?
I have now got the 'public ip address' showing via my asa5505 & I have also plugged in a 'straight-thru' cable from my asa5505 eth0 port to my cisco 2950 and my master dc/ad/dhcp/dns server can also receive the internet access.
qns2. I have now logged on to my domain with my win 7 desktop successfully and my master dc/ad/dhcp/dns - has allocated an ip address as expected, but I cannot receive internet access - why ...is there something I should be adding on my asa5505 as currently I have all machines within active directory located in the default computer container and not currently using any gpo's yet ?
ASKER
hi petelong, I forgot to mention I have 3 cisco 2950 switches for fault tolerance testing:
- vtp server (primary) - master dc & fileprint server plugged in here
- vtp server (secondary)
- vtp client - win 7 desktop user plugged in here
win 7 - I can ping from vtp client switch to the following: successfully
- master dc
- fileprintserver
- default gateway
ASKER
the default gateway was missing from my internal master dc via my dhcp and once added my win 7 desktop can now receive internet access.
ASKER
sound advice. appreciated.
ASKER
yes I will look at your link:
http://www.petenetlive.com/Top_Level/techmain.html#CISCO
qns1. what I want to know is as I have configured my firewall enough for protection ?