asked on Cisco ASA5506w-x first time setup
I have a cisco asa 5506 running version asdm 7.4 and asa 9.4. I am trying to set it for the first time and I'm not familiar at all with this. I can setup a basic router for a static WAN IP but have no clue on setup for this box. I have reset the box to factory defaults and have interfaced into the box on Ethernet1/2 "inside" on 192.168.1.1 and I am in the box using the ASDM. (Also I have verified the cable I am using does work for internet by setting up a router on the same static WAN to verify)
I am looking to setup this as a router replacing a home Linksys router. We have a Comcast box in passthrough/bridged.
1. How do I set ethernet1/1 for "outside" static WAN IP address given my ISP? I believe the Comcast box LAN ip is 10.1.10.1 so do I set the outside IP to 10.1.10.2 and use a static route or use the WAN IP (not actual IP) 50.200.200.251?
2. I guess once I have internet how do I do a basic port forwards like rdp 3389 to local LAN 192.168.1.11
I am looking to setup this as a router replacing a home Linksys router. We have a Comcast box in passthrough/bridged.
1. How do I set ethernet1/1 for "outside" static WAN IP address given my ISP? I believe the Comcast box LAN ip is 10.1.10.1 so do I set the outside IP to 10.1.10.2 and use a static route or use the WAN IP (not actual IP) 50.200.200.251?
2. I guess once I have internet how do I do a basic port forwards like rdp 3389 to local LAN 192.168.1.11
CiscoHardware FirewallsNetworking
Last Comment
easyworks
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
it al depends on what youre provider is giving to you ;) in holland we are lucky to have almost in every private house an optic connection up to 500/500 mbit with more then one ip
the routing part you can find in device setup -> Routing -> Static routing. and then just press the add button say interface outside, network 0.0.0.0/0.0.0.0 and then youre gateway ip and youre all set
let me know if you need more help
Benjamin
the routing part you can find in device setup -> Routing -> Static routing. and then just press the add button say interface outside, network 0.0.0.0/0.0.0.0 and then youre gateway ip and youre all set
let me know if you need more help
Benjamin
ASKER
I swear I did all of what you said before, but now it works!
I tried then go add a firewall and create a "access rule" and seemingly I do not have internet access anymore. I tried to delete the rule I just setup and still can not get to the internet. I was unsure on how to do exactly what you were saying and found this page. http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/77869-pix-remote-desktop-conn.html
I tried then go add a firewall and create a "access rule" and seemingly I do not have internet access anymore. I tried to delete the rule I just setup and still can not get to the internet. I was unsure on how to do exactly what you were saying and found this page. http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/77869-pix-remote-desktop-conn.html
ASKER
I wouldn't suppose I could grab your help to remote into my PC to help me get the basic idea of what is going?
I reset my box back to factory using the CLI
1. ena
2. config t
3. config factory-default
4. reload save-config noconfirm
I ran back through the the device setup > launch setup wizard. And configured it again for how it had worked just a little bit ago with using a static wan IP and setting up a nat 0.0.0.0/0.0.0.0 (any) and used the gateway of the static IP, but not getting internet.
I reset my box back to factory using the CLI
1. ena
2. config t
3. config factory-default
4. reload save-config noconfirm
I ran back through the the device setup > launch setup wizard. And configured it again for how it had worked just a little bit ago with using a static wan IP and setting up a nat 0.0.0.0/0.0.0.0 (any) and used the gateway of the static IP, but not getting internet.
ok lets test some stuff.
from the asdm tools -> ping
and ping from this tool youre external IP, GW Ip and 8.8.8.8
let see how for you come.
from the asdm tools -> ping
and ping from this tool youre external IP, GW Ip and 8.8.8.8
let see how for you come.
oke let's do a factory reset
conf t
config factory-default {youre internal network addres}
do a write mem and reload.
don't do a restore of youre config
what kinda ip do you get from youre provider static/dhcp ? or are you still behind a nat ?
conf t
config factory-default {youre internal network addres}
do a write mem and reload.
don't do a restore of youre config
what kinda ip do you get from youre provider static/dhcp ? or are you still behind a nat ?
ASKER
No I am not able to ping 8.8.8.8
ASKER
I get a static IP I am not behind a NAT.
ok can you ping youre gateway ?
ASKER
I just did what you said and waiting for it to reload now.
ASKER
The gateway meaning the asa box? If so then yes.
ASKER
Do you use Skype if so I am willing to paypal you some money for compensation for your time.
after factory reset let's do this
1. setup Outside interface.
device setup -> Interfaces
select interface
interface name Outside
check box interface enabled
select static ip
enter ip address and subnet mask
press ok button
2. make our default route
device setup -> Routing - Static Routes
Add new route like this
interface outside
network 0.0.0.0/0.0.0.0
gateway ip {youre provider gateway ip}
press ok button to save
3. add dynamic nat policy for lan to wan
go to Firewall -> Nat Rules
press the down arrow on the add button en select Add "network object" nat rule
Name {LAN Network}
type network
Ip address youre local network like 192.168.0.0
select correct Netmask
set the box Add Automatic Adress Transport Rules
type Dynamic PAT (Hide)
Translated addr: Outside
now test if you can ping youre provider gateway, and some public address like 8.8.8.8
if this works
add an Access control list to allow ping reply to come back
Firewall -> Access Rules
interface outside
action permit
source any
destination any
service icmp
now you should be able to ping 8.8.8.8 from youre client
last thing is dns. but try this first
1. setup Outside interface.
device setup -> Interfaces
select interface
interface name Outside
check box interface enabled
select static ip
enter ip address and subnet mask
press ok button
2. make our default route
device setup -> Routing - Static Routes
Add new route like this
interface outside
network 0.0.0.0/0.0.0.0
gateway ip {youre provider gateway ip}
press ok button to save
3. add dynamic nat policy for lan to wan
go to Firewall -> Nat Rules
press the down arrow on the add button en select Add "network object" nat rule
Name {LAN Network}
type network
Ip address youre local network like 192.168.0.0
select correct Netmask
set the box Add Automatic Adress Transport Rules
type Dynamic PAT (Hide)
Translated addr: Outside
now test if you can ping youre provider gateway, and some public address like 8.8.8.8
if this works
add an Access control list to allow ping reply to come back
Firewall -> Access Rules
interface outside
action permit
source any
destination any
service icmp
now you should be able to ping 8.8.8.8 from youre client
last thing is dns. but try this first
No need to send some money, this forum is all about it people to help the other :)
ASKER
No, it did not work. I am sure that the IP for the static wan for my ISP is correct because I setup a home router and had to tested before plugging in the asa box.
ASKER
I just realized that while we were configuring this we did not setup a DNS for the DHCP. Let me set a static IP on my notebook .
Do you get reply from youre provider gateway ip ?
ASKER
Still not working :(
ASKER
no I do not. 50.199.---.--- request time out.
ASKER
I am able to ping that gateway from a different PC on different network that has a different static IP.
hmm,
what is youre subnet mask at Outside interface
what is youre subnet mask at Outside interface
ASKER
255.255.255.240
send me info to my email benjamin@devosft.nl
because i have the feeling the problem is here
network address
broadcast address
and gateway address
because i have the feeling the problem is here
network address
broadcast address
and gateway address
ASKER
Generating server: ------
benjamin@devosft.nl
#554 5.4.4 SMTPSEND.DNS.NonExistentDo
benjamin@devosft.nl
#554 5.4.4 SMTPSEND.DNS.NonExistentDo
ASKER
benjamin@devsoft.nl
ASKER
Thanks for the detailed description and troubleshooting with me.
Also interesting to find out my ISP box arp table held onto a another device trying to use that same static IP when I flip between my home router and asa box and that would explain another reason why I was not able to get it to work at first.
Also interesting to find out my ISP box arp table held onto a another device trying to use that same static IP when I flip between my home router and asa box and that would explain another reason why I was not able to get it to work at first.
I'm interested in "Option 1 static IP address" the most because I would like this to be our router.
I have set my external "outside" security to 0.
I think i remember reading what you are talking about, about setting a route it is just kind of foreign to me because i have never done it. I'll look into what you are talking about I think i might know how to now from playing around most of the day. (Was able to get option 2 to work, but still want to just use only option 1)
I'll need to see this because i have no looked at this part yet because it took me a good while to figure out on how just to get on the internet.