Adding ASA 5510 to existing LAN

Discussion in 'Cisco' started by coj0nes, Jul 15, 2007.

    coj0nes

    Joined:
    Jul 15, 2007
    Messages:
    1
    I'm trying to set up an ASA 5510 on our existing network as the first step to establish an EasyVPN, NEM site-to-site type setup. This is kind of a lab exercise; I have my CCNA test coming up and I want to try to learn by doing, so any help would be great (you may think this is beyond my level, but that's fine, I'm still trying to learn it).

    I figured the first step would be to configure the ASA as a firewall/router and then install the VPN after that. (Our system used to use a Server 2003 RRAS box to NAT, so I figured it would be best to use the ASA for that instead.)
    This is my first firewall install, so I researched it a bit and read a bunch of the white papers and setup guides, but I can't figure out where I went wrong.

    I know some of this may sound mundane, but I want to show you my assumptions first, in case I missed a no-brainer (it is late here) ;)

    Background/Assumptions:

    Since I'm using the DSL modem in bridge mode (I think this makes the most sense) the outside interface on the ASA should be my Public IP, and is connected directly to the DSL modem.

    Inside address is a local IP on the LAN and is connected to a switch port.

    Configured NAT as I read in several examples.

    Set my PC's NIC to take the ASA as the gateway, and that didn't work, so I set the PC to use the ASA as the gateway and the DNS server, and that got me some web pages but then stopped working.

    Here's my running config; let me know what you think. Like I said, it's getting late and I've tried the CLI and ASDM each a few times. What am I missing?

    Thanks!
    - John


    centurion(config)# show running-config
    : Saved
    :
    ASA Version 7.0(6)
    !
    hostname centurion
    domain-name example.com
    enable password xxxxxxxxx encrypted
    names
    dns-guard
    !
    interface Ethernet0/0
    nameif Outside
    security-level 0
    ip address 70.20.123.456 255.255.255.0
    !
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 192.168.123.456 255.255.255.0
    !
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Management0/0
    shutdown
    nameif Management
    security-level 0
    ip address 192.168.123.456 255.255.255.0
    management-only
    !
    passwd xxxxxxxxxxx encrypted
    ftp mode passive
    access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list ezvpn1 extended permit ip 192.168.0.0 255.255.255.0 192.168
    255.255.0
    access-list Outside_access_in extended permit tcp any any inactive
    access-list inside_access_in extended permit tcp any any inactive
    pager lines 24
    mtu inside 1500
    mtu Outside 1500
    mtu Management 1500
    mtu dmz 1500
    no failover
    icmp permit any inside
    icmp permit any echo-reply Outside
    asdm image disk0:/asdm506.bin
    no asdm history enable
    arp timeout 14400
    global (Outside) 1 interface
    nat (inside) 0 access-list no-nat
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,Outside) 70.20.123.0 192.168.0.0 netmask 255.25
    access-group inside_access_in in interface inside
    access-group Outside_access_in in interface Outside
    route Outside 0.0.0.0 0.0.0.0 70.20.123.205 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http 192.168.123.456 255.255.255.255 inside
    http 192.168.0.123 456.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map global_policy
    class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    !
    service-policy global_policy global
    : end
     
    coj0nes, Jul 15, 2007
    #1
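As an added check, not part of the original post and not the poster's or Cisco's code: a small script that parses an ASA 7.x-style config excerpt and flags the inconsistencies a reviewer would look for in the configuration above, namely an applied access-list (inside_access_in, Outside_access_in) whose only entries are marked inactive, so only the implicit deny is left; a static that maps 192.168.0.0/24 onto the Outside interface's own /24 (which also contains the default-route next hop); nat 0 and static rules that name 192.168.0.0/24 while the inside interface sits on a different /24; and two interfaces (inside and Management) given the same address. All function names are the editor's own, and SAMPLE_CONFIG is a constructed sample in the shape of the posted config with valid placeholder addresses, since the addresses in the post are obfuscated (".456") and do not parse.

```python
# Consistency checks for an ASA 7.x running-config excerpt. Added example, not
# code from the forum post or from Cisco; function names are the editor's own.
# SAMPLE_CONFIG is constructed in the shape of the posted config with valid
# placeholder addresses (the post's own addresses are obfuscated, e.g. ".456").
import ipaddress
import re

SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif Outside
 ip address 70.20.123.10 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 ip address 192.168.123.1 255.255.255.0
!
interface Management0/0
 shutdown
 nameif Management
 ip address 192.168.123.1 255.255.255.0
!
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_access_in extended permit tcp any any inactive
nat (inside) 0 access-list no-nat
static (inside,Outside) 70.20.123.0 192.168.0.0 netmask 255.255.255.0
access-group inside_access_in in interface inside
route Outside 0.0.0.0 0.0.0.0 70.20.123.205 1
"""

ACE_RE = re.compile(r"access-list (\S+) extended (permit|deny) (\S+) (.*?)( inactive)?$")

def parse(config):
    """Interfaces keyed by nameif (with their ip_interface) and ACEs keyed by ACL name."""
    interfaces, acls, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = {"ip": None}
        elif line == "!":
            cur = None
        elif cur is not None and line.startswith("nameif "):
            interfaces[line.split()[1]] = cur
        elif cur is not None and line.startswith("ip address "):
            addr, mask = line.split()[2:4]
            cur["ip"] = ipaddress.ip_interface(f"{addr}/{mask}")
        m = ACE_RE.match(line)
        if m:
            name, action, proto, rest, inactive = m.groups()
            acls.setdefault(name, []).append({"action": action, "proto": proto, "args": rest.split(), "active": inactive is None})
    return interfaces, acls

def check_interfaces(interfaces):
    """Two named interfaces carrying the same address is a configuration slip."""
    findings, seen = [], {}
    for name, itf in interfaces.items():
        if itf["ip"] is not None:
            first = seen.setdefault(itf["ip"].ip, name)
            if first != name:
                findings.append(f"{name} and {first} share address {itf['ip'].ip}")
    return findings

def check_access_groups(config, acls):
    """An applied ACL whose entries are all inactive leaves only the implicit deny."""
    findings = []
    for name, direction, iface in re.findall(r"access-group (\S+) (in|out) interface (\S+)", config):
        active = [a for a in acls.get(name, []) if a["active"]]
        if not active:
            findings.append(f"{iface}: every entry of ACL {name} is inactive, so only the "
                            f"implicit deny applies ({direction}bound traffic dropped)")
    return findings

def check_nat(config, interfaces, acls):
    """nat 0 / static local networks should be the inside subnet; a static global range must not collide with Outside's subnet."""
    findings, local = [], []  # local: (rule label, local network the rule translates)
    inside = interfaces["inside"]["ip"].network
    outside = interfaces["Outside"]["ip"].network
    for name in re.findall(r"nat \(inside\) 0 access-list (\S+)", config):
        for args in (a["args"] for a in acls.get(name, [])):
            if args[0] == "host":
                local.append((f"nat 0 ACL {name}", ipaddress.ip_network(args[1])))
            elif args[0] != "any":
                local.append((f"nat 0 ACL {name}", ipaddress.ip_network(f"{args[0]}/{args[1]}")))
    for glob, loc, mask in re.findall(r"static \(inside,Outside\) (\S+) (\S+) netmask (\S+)", config):
        local.append(("static", ipaddress.ip_network(f"{loc}/{mask}")))
        if ipaddress.ip_network(f"{glob}/{mask}").overlaps(outside):
            findings.append(f"static global range {glob}/{mask} overlaps the Outside subnet {outside}")
    for label, net in local:
        if not net.subnet_of(inside):
            findings.append(f"{label}: local network {net} is not within the inside subnet {inside}")
    return findings

def lint(config):
    interfaces, acls = parse(config)
    return check_interfaces(interfaces) + check_access_groups(config, acls) + check_nat(config, interfaces, acls)

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print("-", finding)
```

Run as a script it prints five findings for the constructed sample, one per inconsistency listed above. Activating the access-list entry (or permitting ip rather than only tcp, since DNS is UDP) clears the access-group finding; the address-scope findings go away once the nat 0 ACL, the static and the inside interface all name the same LAN subnet and the static's global range is taken out of the Outside interface's own subnet.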