SolarWinds® Network Configuration Manager brings structure and peace of mind to configuration management. Bulk config deployment, automatic backups, change detection, vulnerability assessments, and config change templates reduce the time needed for repetitive tasks.
Cisco ASA5506w-x first time setup
I have a cisco asa 5506 running version asdm 7.4 and asa 9.4. I am trying to set it for the first time and I'm not familiar at all with this. I can setup a basic router for a static WAN IP but have no clue on setup for this box. I have reset the box to factory defaults and have interfaced into the box on Ethernet1/2 "inside" on 192.168.1.1 and I am in the box using the ASDM. (Also I have verified the cable I am using does work for internet by setting up a router on the same static WAN to verify)
I am looking to setup this as a router replacing a home Linksys router. We have a Comcast box in passthrough/bridged.
1. How do I set ethernet1/1 for "outside" static WAN IP address given my ISP? I believe the Comcast box LAN ip is 10.1.10.1 so do I set the outside IP to 10.1.10.2 and use a static route or use the WAN IP (not actual IP) 50.200.200.251?
2. I guess once I have internet how do I do a basic port forwards like rdp 3389 to local LAN 192.168.1.11
I am looking to setup this as a router replacing a home Linksys router. We have a Comcast box in passthrough/bridged.
1. How do I set ethernet1/1 for "outside" static WAN IP address given my ISP? I believe the Comcast box LAN ip is 10.1.10.1 so do I set the outside IP to 10.1.10.2 and use a static route or use the WAN IP (not actual IP) 50.200.200.251?
2. I guess once I have internet how do I do a basic port forwards like rdp 3389 to local LAN 192.168.1.11
Asked:
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
I'm not at the office anymore so i'll be sure to try this tomorrow.
I'm interested in "Option 1 static IP address" the most because I would like this to be our router.
I have set my external "outside" security to 0.
I think i remember reading what you are talking about, about setting a route it is just kind of foreign to me because i have never done it. I'll look into what you are talking about I think i might know how to now from playing around most of the day. (Was able to get option 2 to work, but still want to just use only option 1)
I'm interested in "Option 1 static IP address" the most because I would like this to be our router.
opion 1static ip address
and set youre static ip address. you alse need to add a rourte. from the outside to 0.0.0.0/0.0.0.0 and fill in the ip address of the gateway of youre provider.
I have set my external "outside" security to 0.
I think i remember reading what you are talking about, about setting a route it is just kind of foreign to me because i have never done it. I'll look into what you are talking about I think i might know how to now from playing around most of the day. (Was able to get option 2 to work, but still want to just use only option 1)
2. Make a nat ruleI'll need to see this because i have no looked at this part yet because it took me a good while to figure out on how just to get on the internet.
it al depends on what youre provider is giving to you ;) in holland we are lucky to have almost in every private house an optic connection up to 500/500 mbit with more then one ip
the routing part you can find in device setup -> Routing -> Static routing. and then just press the add button say interface outside, network 0.0.0.0/0.0.0.0 and then youre gateway ip and youre all set
let me know if you need more help
Benjamin
the routing part you can find in device setup -> Routing -> Static routing. and then just press the add button say interface outside, network 0.0.0.0/0.0.0.0 and then youre gateway ip and youre all set
let me know if you need more help
Benjamin
I swear I did all of what you said before, but now it works!
I tried then go add a firewall and create a "access rule" and seemingly I do not have internet access anymore. I tried to delete the rule I just setup and still can not get to the internet. I was unsure on how to do exactly what you were saying and found this page. http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/77869-pix-remote-desktop-conn.html
I tried then go add a firewall and create a "access rule" and seemingly I do not have internet access anymore. I tried to delete the rule I just setup and still can not get to the internet. I was unsure on how to do exactly what you were saying and found this page. http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/77869-pix-remote-desktop-conn.html
I wouldn't suppose I could grab your help to remote into my PC to help me get the basic idea of what is going?
I reset my box back to factory using the CLI
1. ena
2. config t
3. config factory-default
4. reload save-config noconfirm
I ran back through the the device setup > launch setup wizard. And configured it again for how it had worked just a little bit ago with using a static wan IP and setting up a nat 0.0.0.0/0.0.0.0 (any) and used the gateway of the static IP, but not getting internet.
I reset my box back to factory using the CLI
1. ena
2. config t
3. config factory-default
4. reload save-config noconfirm
I ran back through the the device setup > launch setup wizard. And configured it again for how it had worked just a little bit ago with using a static wan IP and setting up a nat 0.0.0.0/0.0.0.0 (any) and used the gateway of the static IP, but not getting internet.
ok lets test some stuff.
from the asdm tools -> ping
and ping from this tool youre external IP, GW Ip and 8.8.8.8
let see how for you come.
from the asdm tools -> ping
and ping from this tool youre external IP, GW Ip and 8.8.8.8
let see how for you come.
oke let's do a factory reset
conf t
config factory-default {youre internal network addres}
do a write mem and reload.
don't do a restore of youre config
what kinda ip do you get from youre provider static/dhcp ? or are you still behind a nat ?
conf t
config factory-default {youre internal network addres}
do a write mem and reload.
don't do a restore of youre config
what kinda ip do you get from youre provider static/dhcp ? or are you still behind a nat ?
after factory reset let's do this
1. setup Outside interface.
device setup -> Interfaces
select interface
interface name Outside
check box interface enabled
select static ip
enter ip address and subnet mask
press ok button
2. make our default route
device setup -> Routing - Static Routes
Add new route like this
interface outside
network 0.0.0.0/0.0.0.0
gateway ip {youre provider gateway ip}
press ok button to save
3. add dynamic nat policy for lan to wan
go to Firewall -> Nat Rules
press the down arrow on the add button en select Add "network object" nat rule
Name {LAN Network}
type network
Ip address youre local network like 192.168.0.0
select correct Netmask
set the box Add Automatic Adress Transport Rules
type Dynamic PAT (Hide)
Translated addr: Outside
now test if you can ping youre provider gateway, and some public address like 8.8.8.8
if this works
add an Access control list to allow ping reply to come back
Firewall -> Access Rules
interface outside
action permit
source any
destination any
service icmp
now you should be able to ping 8.8.8.8 from youre client
last thing is dns. but try this first
1. setup Outside interface.
device setup -> Interfaces
select interface
interface name Outside
check box interface enabled
select static ip
enter ip address and subnet mask
press ok button
2. make our default route
device setup -> Routing - Static Routes
Add new route like this
interface outside
network 0.0.0.0/0.0.0.0
gateway ip {youre provider gateway ip}
press ok button to save
3. add dynamic nat policy for lan to wan
go to Firewall -> Nat Rules
press the down arrow on the add button en select Add "network object" nat rule
Name {LAN Network}
type network
Ip address youre local network like 192.168.0.0
select correct Netmask
set the box Add Automatic Adress Transport Rules
type Dynamic PAT (Hide)
Translated addr: Outside
now test if you can ping youre provider gateway, and some public address like 8.8.8.8
if this works
add an Access control list to allow ping reply to come back
Firewall -> Access Rules
interface outside
action permit
source any
destination any
service icmp
now you should be able to ping 8.8.8.8 from youre client
last thing is dns. but try this first
No, it did not work. I am sure that the IP for the static wan for my ISP is correct because I setup a home router and had to tested before plugging in the asa box.
I just realized that while we were configuring this we did not setup a DNS for the DHCP. Let me set a static IP on my notebook .
I am able to ping that gateway from a different PC on different network that has a different static IP.
send me info to my email benjamin@devosft.nl
because i have the feeling the problem is here
network address
broadcast address
and gateway address
because i have the feeling the problem is here
network address
broadcast address
and gateway address
Generating server: ------
benjamin@devosft.nl
#554 5.4.4 SMTPSEND.DNS.NonExistentDo
benjamin@devosft.nl
#554 5.4.4 SMTPSEND.DNS.NonExistentDo
Thanks for the detailed description and troubleshooting with me.
Also interesting to find out my ISP box arp table held onto a another device trying to use that same static IP when I flip between my home router and asa box and that would explain another reason why I was not able to get it to work at first.
Also interesting to find out my ISP box arp table held onto a another device trying to use that same static IP when I flip between my home router and asa box and that would explain another reason why I was not able to get it to work at first.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
set youre external interface to security level 0
opion 1static ip address
and set youre static ip address. you alse need to add a rourte. from the outside to 0.0.0.0/0.0.0.0 and fill in the ip address of the gateway of youre provider.
option 2 normal dhcp
set youre wan interface ip address option to Obtain address via DHCP.
and click the box obtain default route using DHCP.
Option 3 use PPPoE
if you have to do authentication, this is normal in holland.
select option number 3 use PPPoE
youre provider should have give you all the information to authenticate.
fil in the form, Select the box Store username and password in local flash
then press the button IP Address and Route Setup.
some providers give you an static ip address, if so select the option box specify ip Address
and fill in the address. this is the same for youre route. is it a a dynamic one select the box Obtain default route using PPPoE, else you need to make a default 0.0.0.0/0.0.0.0 from the outside interface to the provided gateway from youre provider.
test if you have internet now.
2. Make a nat rule
go to firewall -> NAT Rules
create an address object of youre server. and dropdown the nat property
select type is dynamic if you have 1 ip address of static if you want to use an different external address. but i dont think you have more then 1 ip address.
in the box translated address browse for youre external interface, normaly called Outside.
press the advanced button. and select the source and destination interface. normaly inside and outside. select the protocol type tcp or udp. for you to have terminal services open at 3389 select tcp and real port and mapped port will be 3389.
now we only need to add an ACL to allow traffic from the outside to the inside.
add normal acl. source any, destination youre allready made address object of youre server. and services tcp/3389
if you have more questions, let me know
Benjamin