mikey250
asked on
asa5505 gui config no internet - up/up showing
ive been using my asa5505 router for 6 months now and configured it using the wizard 20+ times with no issues.
for some reason now my 'outside' interface is showing as 'up/up' but no ip address but previously it would automatically show my 'static ip'.
when I check my wizard config although I have no reason to change anything it does state 'pppoe' which i have been adding in the wizard and i cannot see no 'pppoa'.
my isp: xln router is set as: 'pppoa'
step 1.
- I decided to reset my asa
- I confirmed my isp: xln router has firewall disabled which is connected to my asa for internet access which is pre-configured as below:
step 2.
when I access my 'xln router' via the 'gui' I can see the following:
pppoa - vc - 0/38
static ip - as expected
username - as expected
pw: - as expected (although hides password as blank by default)
pppoa
question1. can anyone advise as spent 2full days on this and unless im missing something in my asdm gui that i have missed but i doubt it as i think the problem is with my isp config but they say no and they say 'pppoe' is fibre so im stuck ?
Ive added the following & swapped them around but still no internet.
- local.co.uk - my internal
- xln.co.uk - my isp domain
asa-wizard-screenshot.pdf
for some reason now my 'outside' interface is showing as 'up/up' but no ip address but previously it would automatically show my 'static ip'.
when I check my wizard config although I have no reason to change anything it does state 'pppoe' which i have been adding in the wizard and i cannot see no 'pppoa'.
my isp: xln router is set as: 'pppoa'
step 1.
- I decided to reset my asa
- I confirmed my isp: xln router has firewall disabled which is connected to my asa for internet access which is pre-configured as below:
step 2.
when I access my 'xln router' via the 'gui' I can see the following:
pppoa - vc - 0/38
static ip - as expected
username - as expected
pw: - as expected (although hides password as blank by default)
pppoa
question1. can anyone advise as spent 2full days on this and unless im missing something in my asdm gui that i have missed but i doubt it as i think the problem is with my isp config but they say no and they say 'pppoe' is fibre so im stuck ?
Ive added the following & swapped them around but still no internet.
- local.co.uk - my internal
- xln.co.uk - my isp domain
asa-wizard-screenshot.pdf
Yep, we need some more info like Arne said.
It could be something as simple as a default route on the ASA, but we can't tell with the info you are currently providing.
It could be something as simple as a default route on the ASA, but we can't tell with the info you are currently providing.
ASKER
hi i did the following:
asa:
Step 1
- conf t
- wr erase
- reload
after reboot did;
- conf t
- config factory-default
then confirmed config was empty
config t
Username xxxx password privilege 15
Int vlan 1
nameif inside
Ip address 192.168.0.1 255.255.255.0
no shut
in eth0/0
connect to isp modem/router
no shut
Int eth0/1
connected to win 7 pc
no shut
http server enable
http 192.168.0.0 255.255.255.0
sh run - confirmed above config was there but did not do currently copy run start
step 2 followed wizard in attached pdf on 1st thread.
appreciated for response!!!!!!
asa:
Step 1
- conf t
- wr erase
- reload
after reboot did;
- conf t
- config factory-default
then confirmed config was empty
config t
Username xxxx password privilege 15
Int vlan 1
nameif inside
Ip address 192.168.0.1 255.255.255.0
no shut
in eth0/0
connect to isp modem/router
no shut
Int eth0/1
connected to win 7 pc
no shut
http server enable
http 192.168.0.0 255.255.255.0
sh run - confirmed above config was there but did not do currently copy run start
step 2 followed wizard in attached pdf on 1st thread.
appreciated for response!!!!!!
ASKER
correction:
http 192.168.0.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.0 inside
ASKER
when used my xp the problem i had was never a problem but as xp has crashed i used my boot disc/install but cd are scratched.
I then installed asa asdm gui on win 7 now problems.
I then installed asa asdm gui on win 7 now problems.
By the looks of it, you did not configure anything on the interface connected to the ISP device.
Could you show us a sanitized output of show run so we know what we're talking about?
Could you show us a sanitized output of show run so we know what we're talking about?
ASKER
Such as ?
I configured using the asdm gui wizard like always.
I configured using the asdm gui wizard like always.
ASKER
Vlan 2 was added via asdm gui via wizard screenshots that i have attached on 1st thread.
every1 keeps telling to send attachments in .pdf form so i do.
every1 keeps telling to send attachments in .pdf form so i do.
In ASDM under Tools there is the option: 'command line interface'. If you open that and enter show run in there, it will output the current running configuration of the ASA.
After sanitizing you can post that here.
You don't need to convert it to pdf, you can also just copy/paste it in the comment box.
After sanitizing you can post that here.
You don't need to convert it to pdf, you can also just copy/paste it in the comment box.
ASKER
Result of the command: "show running-config"
: Saved
:
ASA Version 9.1(2)
!
hostname asa
domain-name xln.co.uk
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface Ethernet0/0
description connected to ISP
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group ffdsdfsdf
ip address pppoe setroute
!
ftp mode passive
dns server-group DefaultDNS
domain-name xln.co.uk
pager lines 24
logging enable
logging host inside 192.168.0.2 6/1470
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
nat (inside,outside) after-auto source dynamic any interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-reco rd DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group main request dialout pppoe
vpdn group main localname 01902248133@xln.co.uk
vpdn group main ppp authentication chap
vpdn group ffdsdfsdf request dialout pppoe
vpdn group ffdsdfsdf localname 01902248133@xln.co.uk
vpdn group ffdsdfsdf ppp authentication chap
vpdn username 01902248133@xln.co.uk password *****
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd dns 62.24.134.1 78.151.235.2 interface inside
dhcpd domain local.co.uk interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
username 01902248133@xln.co.uk password mRjNvxqQs5d1/kiC encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:b15966921e2 8765ee7c90 7a6a21dd4c 3
: end
: Saved
:
ASA Version 9.1(2)
!
hostname asa
domain-name xln.co.uk
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface Ethernet0/0
description connected to ISP
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group ffdsdfsdf
ip address pppoe setroute
!
ftp mode passive
dns server-group DefaultDNS
domain-name xln.co.uk
pager lines 24
logging enable
logging host inside 192.168.0.2 6/1470
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
nat (inside,outside) after-auto source dynamic any interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-reco
user-identity default-domain LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group main request dialout pppoe
vpdn group main localname 01902248133@xln.co.uk
vpdn group main ppp authentication chap
vpdn group ffdsdfsdf request dialout pppoe
vpdn group ffdsdfsdf localname 01902248133@xln.co.uk
vpdn group ffdsdfsdf ppp authentication chap
vpdn username 01902248133@xln.co.uk password *****
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd dns 62.24.134.1 78.151.235.2 interface inside
dhcpd domain local.co.uk interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
username 01902248133@xln.co.uk password mRjNvxqQs5d1/kiC encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:b15966921e2
: end
ASKER
my win 7 pc receives an auto ip address via my asa asdm gui as pre-configured, hence inside shows in gui as up/up.
note: just to mention the xln router is set with:
pppoa - vc - 0/38
static ip - as expected
username - as expected
pw: - as expected (although hides password as blank by default)
pppoa
asa:
is set with pppoe - but this has always been set but only difference i can see. isp stated that i should have pppoa not pppoe, but i said this is what i always select.
note: just to mention the xln router is set with:
pppoa - vc - 0/38
static ip - as expected
username - as expected
pw: - as expected (although hides password as blank by default)
pppoa
asa:
is set with pppoe - but this has always been set but only difference i can see. isp stated that i should have pppoa not pppoe, but i said this is what i always select.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
: Saved
: Written by 01902248133@xln.co.uk at 16:22:31.395 GMT/BDT Tue May 3 2016
!
ASA Version 9.1(2)
!
hostname FW-01
domain-name local.co.uk
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface Ethernet0/0
description connected to ISP
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/1
description connected to ROOT_BRIDGE_LAN
switchport trunk allowed vlan 1
speed 100
duplex full
!
interface Ethernet0/2
description connected to XP-MANAGEMENT
speed 100
duplex full
!
interface Ethernet0/3
description connected to WIN-7-LAPTOP
speed 100
duplex full
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group LOCAL-GP-WOLV
ip address pppoe setroute
!
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name local.co.uk
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
logging enable
logging monitor errors
logging trap errors
logging history errors
logging asdm informational
logging host inside 192.168.0.5 6/1470
logging permit-hostdown
mtu inside 1500
mtu outside 1500
ip verify reverse-path interface inside
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
nat (inside,outside) dynamic interface
!
nat (inside,outside) after-auto source dynamic any interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-reco rd DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
snmp-server host inside 192.168.0.7 community mikey111 version 2c
snmp-server location WOLVERHAMPTON
snmp-server contact mikeyspice
snmp-server community mikey111
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps syslog
fragment chain 1 inside
fragment chain 1 outside
auth-prompt prompt Users who do not have the proper authority to access this device are prohibited!!!! Any issues with connecting to this device then please call the Network Administrator (UK): 01902 345675
auth-prompt accept Your logon details have been accepted!!!
auth-prompt reject Your Username and or Password were not recognised!!!
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group LOCAL-GP-WOLV request dialout pppoe
vpdn group LOCAL-GP-WOLV localname 01902248133@xln.co.uk
vpdn group LOCAL-GP-WOLV ppp authentication chap
vpdn username 01902248133@xln.co.uk password Q7G7Y5U6Z7
dhcpd auto_config outside
!
dhcpd address 192.168.0.7-192.168.0.15 inside
dhcpd dns 62.24.134.1 8.8.8.8 interface inside
dhcpd lease 86400 interface inside
dhcpd domain xln.co.uk interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 195.222.33.219 source outside
tftp-server inside 192.168.0.2 config
webvpn
anyconnect-essentials
username 01902248133@xln.co.uk password mRjNvxqQs5d1/kiC encrypted privilege 15
username mikeyspiceT password 8edqdUKXtBqhyMrL encrypted
username mikeyspiceT attributes
service-type admin
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:09d2243ef68 ed5524a198 f5920c9774 4
: end
: Written by 01902248133@xln.co.uk at 16:22:31.395 GMT/BDT Tue May 3 2016
!
ASA Version 9.1(2)
!
hostname FW-01
domain-name local.co.uk
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface Ethernet0/0
description connected to ISP
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/1
description connected to ROOT_BRIDGE_LAN
switchport trunk allowed vlan 1
speed 100
duplex full
!
interface Ethernet0/2
description connected to XP-MANAGEMENT
speed 100
duplex full
!
interface Ethernet0/3
description connected to WIN-7-LAPTOP
speed 100
duplex full
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group LOCAL-GP-WOLV
ip address pppoe setroute
!
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name local.co.uk
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
logging enable
logging monitor errors
logging trap errors
logging history errors
logging asdm informational
logging host inside 192.168.0.5 6/1470
logging permit-hostdown
mtu inside 1500
mtu outside 1500
ip verify reverse-path interface inside
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
nat (inside,outside) dynamic interface
!
nat (inside,outside) after-auto source dynamic any interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-reco
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
snmp-server host inside 192.168.0.7 community mikey111 version 2c
snmp-server location WOLVERHAMPTON
snmp-server contact mikeyspice
snmp-server community mikey111
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps syslog
fragment chain 1 inside
fragment chain 1 outside
auth-prompt prompt Users who do not have the proper authority to access this device are prohibited!!!! Any issues with connecting to this device then please call the Network Administrator (UK): 01902 345675
auth-prompt accept Your logon details have been accepted!!!
auth-prompt reject Your Username and or Password were not recognised!!!
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group LOCAL-GP-WOLV request dialout pppoe
vpdn group LOCAL-GP-WOLV localname 01902248133@xln.co.uk
vpdn group LOCAL-GP-WOLV ppp authentication chap
vpdn username 01902248133@xln.co.uk password Q7G7Y5U6Z7
dhcpd auto_config outside
!
dhcpd address 192.168.0.7-192.168.0.15 inside
dhcpd dns 62.24.134.1 8.8.8.8 interface inside
dhcpd lease 86400 interface inside
dhcpd domain xln.co.uk interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 195.222.33.219 source outside
tftp-server inside 192.168.0.2 config
webvpn
anyconnect-essentials
username 01902248133@xln.co.uk password mRjNvxqQs5d1/kiC encrypted privilege 15
username mikeyspiceT password 8edqdUKXtBqhyMrL encrypted
username mikeyspiceT attributes
service-type admin
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:09d2243ef68
: end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
exactly and yes.
surely my pppoe should be identical at the isp end
surely my pppoe should be identical at the isp end
ASKER
it shows the isp connection as up/up but no ip address, which tells me that it is definately the isp as i did not manually add my static ip inside my asdm gui and my static ip address just appeared automatically inside my asdm gui confirming connected correctly.
when i attempted to add the static ip address inside the asdm gui for the outside and follow the wizard it did not work so i attempted multiple ways and still failed, then as it turns out (not adding the static ip) worked so i have done it this way ever since.
only since blanking my asa and starting again has this problem not arouse.
when i attempted to add the static ip address inside the asdm gui for the outside and follow the wizard it did not work so i attempted multiple ways and still failed, then as it turns out (not adding the static ip) worked so i have done it this way ever since.
only since blanking my asa and starting again has this problem not arouse.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
from my isp point of view my xln router is configured with the following which is correct, but the only thing i cannot remember is the pppoa as below:
pppoa - vc - 0/38
static ip - as expected
username - as expected
pw: - as expected (although hides password as blank by default)
so they cannot see anything wrong.
but if my my inside network is up and the outside is up/up then it is obvously the isp end
pppoa - vc - 0/38
static ip - as expected
username - as expected
pw: - as expected (although hides password as blank by default)
so they cannot see anything wrong.
but if my my inside network is up and the outside is up/up then it is obvously the isp end
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
although my asa is still connected to my isp: xln router set as 'disabled' in order to forward traffic to my asa, in order to email you i have plugged into my xln router.
i will now plug back into my asa and look for you.
i dont know how to add a pic direct inside comments so ive attached in .pdf
my logging pc is my actual win 7 as that is where my asdm is configured on so my asdm logging is also set to my win 7 dynamic ip 192.168.0.4, but it states in logging tearing down, even though it is allocated to my win 7 and can ping gateway as expected.
not mention of my internet connection
unusual.
asdm-logging.pdf
i will now plug back into my asa and look for you.
i dont know how to add a pic direct inside comments so ive attached in .pdf
my logging pc is my actual win 7 as that is where my asdm is configured on so my asdm logging is also set to my win 7 dynamic ip 192.168.0.4, but it states in logging tearing down, even though it is allocated to my win 7 and can ping gateway as expected.
not mention of my internet connection
unusual.
asdm-logging.pdf
odd to have an authenticated PPPoA connection and then an Authenticated PPPoE connection over it
I would guess that the router was in bridge/modem mode previously and is now in routed mode..
I would guess that the router was in bridge/modem mode previously and is now in routed mode..
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes by disabling the xln router it changes to 'bridge mode' & 'routed mode'
normal use of xln router - shows routed mode & pppoa
bridge mode - also shows routed mode & pppoa
basically both are identical
i will try manually adding pppoa as you say & if works, how do i locate it inside my asdm as it only shows pppoe, but when i attempted multiple configurations before they would not work.
normal use of xln router - shows routed mode & pppoa
bridge mode - also shows routed mode & pppoa
basically both are identical
i will try manually adding pppoa as you say & if works, how do i locate it inside my asdm as it only shows pppoe, but when i attempted multiple configurations before they would not work.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
previously i was with virgin media set as what i call 'modem enable' but now im with isp: xln.co.uk
as for the bridged mode i have not changed anything as by default it is set as 'routed & not bridge' as per instructed to disable firewall as per xln instructions not mine, which has worked for me for multiple months now.
i have just tried to enter manually 'pppoa' but it is not in list and will not except, but pppoe is
as for the bridged mode i have not changed anything as by default it is set as 'routed & not bridge' as per instructed to disable firewall as per xln instructions not mine, which has worked for me for multiple months now.
i have just tried to enter manually 'pppoa' but it is not in list and will not except, but pppoe is
ASKER
yes correct as below but it will not allow me to add: pppoa as not an option, only pppoe, something is up unless somewhere in my asdm gui an option will show pppoa but i cannot find it:
int vlan 2
nameif outside
security-levelo0
pppoe cient vpdn group ffdsdfsdf
ip address pppoe setroute
int vlan 2
nameif outside
security-levelo0
pppoe cient vpdn group ffdsdfsdf
ip address pppoe setroute
ASKER
if i have set asa back to factory-default then all should be good. i sent you my screenshots of what i follow when completing the asdm gui wizard, so unless you know where this pppoa, but i just dont understand as i have always selected it as that way was the only way that worked as all other ways when joining xln failed so i have been using it ever since.
ASKER
in my asdm wizard the only options to choose for 'outside' is:
static ip & sm
ip dhcp
pppoe
i have tried the below and both failed & pppoe showed as up/up & no ip address:
- static ip & sm: failed - ie my static ip from isp that i asked for thinking i needed it
- ip dhcp - fail
- pppoe - shows as up/up & no ip address but previously my static ip did show automatically as factory-default asa multiple times following same screenshots
static ip & sm
ip dhcp
pppoe
i have tried the below and both failed & pppoe showed as up/up & no ip address:
- static ip & sm: failed - ie my static ip from isp that i asked for thinking i needed it
- ip dhcp - fail
- pppoe - shows as up/up & no ip address but previously my static ip did show automatically as factory-default asa multiple times following same screenshots
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
maybe the router reset into router mode ?
if you just have a single address from the ISP, then the router MUST be in bridge/modem mode for that address to be on the ASA, and you MUST have the the PPPoE credentials on the ASA.
There is no PPPoA options on the ASA as PPPoA is PPP over ATM (DSL) PPPoE is PPP over Ethernet.
if you just have a single address from the ISP, then the router MUST be in bridge/modem mode for that address to be on the ASA, and you MUST have the the PPPoE credentials on the ASA.
There is no PPPoA options on the ASA as PPPoA is PPP over ATM (DSL) PPPoE is PPP over Ethernet.
ASKER
yes it occurred to me that after resetting xln router it set it back to routed.
I then rang xln & they said it should be set as routed not bridge.
Ive now selected bridge which showed my vc 0/38 & vlan 101 so ive selected vc 0/38 & pppoa to see if this is correct..
If my memory serves me correctly xln may have told me to change to bridge but i forgot.
So trying now.
I then rang xln & they said it should be set as routed not bridge.
Ive now selected bridge which showed my vc 0/38 & vlan 101 so ive selected vc 0/38 & pppoa to see if this is correct..
If my memory serves me correctly xln may have told me to change to bridge but i forgot.
So trying now.
bridge mode usually has to be manually configured, so if you did this step in the past, then repeating it would be the way to go.
ASKER
this is odd.
step 1
because after accessing bridge mode showing other options i selected pppoe to match my asdm wizard & vc 0/38 . but when logging onto my asdm & refreshed this did not add my static ip & stil showed no ip address up/ up.
Step2
I then accessed my xln router & selected routed & now extra options are also showing :
pppoa
ppoe
Vc 0/38
Vlan id 101
So i selected:
pppoe
Vc0/38
Logged onto asdm refreshed but same issie.
I mite need to send you screenshot of both bridge & routed.
step 1
because after accessing bridge mode showing other options i selected pppoe to match my asdm wizard & vc 0/38 . but when logging onto my asdm & refreshed this did not add my static ip & stil showed no ip address up/ up.
Step2
I then accessed my xln router & selected routed & now extra options are also showing :
pppoa
ppoe
Vc 0/38
Vlan id 101
So i selected:
pppoe
Vc0/38
Logged onto asdm refreshed but same issie.
I mite need to send you screenshot of both bridge & routed.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i can set the 'bridge mode' myself via the xln gui, so i will try this tomorrow and ring xln and confirm while on the phone in order to confirm each change.
the only thing is it runs at a snails pace
the only thing is it runs at a snails pace
ASKER
apologies for not returning to this thread.
although i had to ring my isp company they showed me manually how to change the ip address via a web browser for my asa5505 which nows shows:
outside - 192.168.1.xx/24
and the web browser asa5505 is still set as 'routed' & not bridged even though advised to set as 'bridged'. after speaking with the isp he advised it could be set as either 'routed or bridged' and when i looked at the explanations that appears correct so we left it as it is now and internet is up and running.
note:
although the internet is now up and running as per my above comments i think the reason why i was not able to get the internet back after following the wizard was because even though i configured it correctly via the wizard i ((did not)) put a tick in the box for:
"obtain default route using dhcp" - what i did also notice is that once the wizard is complete and then re-ran the wizard with the current setting still in place it would show:
"obtain default route using dhcp" - as unticked although i assumed it would be still ticked, so as it appears everytime this is ticked and the wizard is re-run this always has to be re-ticked.
although i had to ring my isp company they showed me manually how to change the ip address via a web browser for my asa5505 which nows shows:
outside - 192.168.1.xx/24
and the web browser asa5505 is still set as 'routed' & not bridged even though advised to set as 'bridged'. after speaking with the isp he advised it could be set as either 'routed or bridged' and when i looked at the explanations that appears correct so we left it as it is now and internet is up and running.
note:
although the internet is now up and running as per my above comments i think the reason why i was not able to get the internet back after following the wizard was because even though i configured it correctly via the wizard i ((did not)) put a tick in the box for:
"obtain default route using dhcp" - what i did also notice is that once the wizard is complete and then re-ran the wizard with the current setting still in place it would show:
"obtain default route using dhcp" - as unticked although i assumed it would be still ticked, so as it appears everytime this is ticked and the wizard is re-run this always has to be re-ticked.
ASKER
just for clarity:
"obtain default route using dhcp" - is set for the 'outside' interface due to setting my asa5505 web browser to a 192.168.1.xx/24 network.
"obtain default route using dhcp" - is set for the 'outside' interface due to setting my asa5505 web browser to a 192.168.1.xx/24 network.
ASKER
even though i resolved my own question via my isp, the expert advice is still sound.
It would be useful for you to post a suitably sanitized copy of the config rather than just the changes you have made.