Re: Configuring ASA 5505: Static IP, DNS, Gateway

Discussion in 'Cisco' started by Mark Huizer, Mar 5, 2010.

  1. Mark Huizer

    Mark Huizer Guest

    The wise Buck Rogers enlightened me with:
    > Hello,
    >
    > Sorry for top posting.........I was wondering if I could get some
    > input on my question below concerning the ISP's gateway and where (if
    > at all) does it go in the ASA configuration?


    Are you using the ASDM GUI or the command line?
    In the GUI, make a static route for 0.0.0.0 0.0.0.0 to your ISP's
    router on the outside interface. In the CLI use something like 'route
    outside 0.0.0.0 0.0.0.0 1.2.3.4 1'

    Mark

    > Regards,
    >
    > Bucksarge
    >
    >
    > On Mon, 01 Mar 2010 18:12:32 -0600, Buck Rogers <>
    > wrote:
    >
    >>Hello All,
    >>
    >>I'm setting up an ASA 5505 for a client and am pretty much done.
    >>However, I have a question. Where in the configuration (ASDM Web
    >>Interface or CLI) do I enter the default gateway for the ISP? The
    >>client is using a DSL modem for access to the internet and they
    >>acquired 1 static IP address and was given the primary and secondary
    >>DNS plus the default gateway of the ISP. I've configured the ASA but
    >>can only see where the IP address and DNS numbers go.
    >>
    >>Where does the default gateway of the ISP enter into all of this?
    >>
    >>The DSL modem is set up as a Bridge for the ASA to access the
    >>internet.
    >>
    >>My configuration is below.........please feel free to comment on any
    >>configuration concerns you might see.
    >>
    >>Thanks in advance,
    >>
    >>Bucksarge
    >>
    >>:
    >>ASA Version 7.2(4)
    >>!
    >>hostname xxx
    >>domain-name xxx
    >>enable password xxx encrypted
    >>passwd xxx encrypted
    >>names
    >>!
    >>interface Vlan1
    >> nameif inside
    >> security-level 100
    >> ip address 192.168.1.1 255.255.255.0
    >>!
    >>interface Vlan2
    >> nameif outside
    >> security-level 0
    >> ip address x.x.x.x 255.255.255.x
    >>!
    >>interface Vlan3
    >> no forward interface Vlan1
    >> nameif dmz
    >> security-level 50
    >> ip address 10.10.10.1 255.255.255.0
    >>!
    >>interface Ethernet0/0
    >> switchport access vlan 2
    >>!
    >>interface Ethernet0/1
    >>!
    >>interface Ethernet0/2
    >>!
    >>interface Ethernet0/3
    >>!
    >>interface Ethernet0/4
    >>!
    >>interface Ethernet0/5
    >>!
    >>interface Ethernet0/6
    >>!
    >>interface Ethernet0/7
    >>!
    >>ftp mode passive
    >>dns server-group DefaultDNS
    >> domain-name xxx
    >>access-list xxxx_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
    >>access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.240
    >>pager lines 24
    >>logging asdm informational
    >>mtu inside 1500
    >>mtu outside 1500
    >>mtu dmz 1500
    >>ip local pool xxxx 192.168.2.3-192.168.2.12
    >>icmp unreachable rate-limit 1 burst-size 1
    >>asdm image disk0:/asdm-524.bin
    >>no asdm history enable
    >>arp timeout 14400
    >>global (outside) 1 192.168.99.3-192.168.99.45 netmask 255.255.255.0
    >>nat (inside) 0 access-list inside_nat0_outbound
    >>nat (inside) 1 0.0.0.0 0.0.0.0
    >>timeout xlate 3:00:00
    >>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    >>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    >>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    >>timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    >>http server enable
    >>http 192.168.1.0 255.255.255.0 inside
    >>no snmp-server location
    >>no snmp-server contact
    >>snmp-server enable traps snmp authentication linkup linkdown coldstart
    >>crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    >>crypto dynamic-map outside_dyn_map 20 set pfs group1
    >>crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    >>crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    >>crypto map outside_map interface outside
    >>crypto isakmp enable outside
    >>crypto isakmp policy 10
    >> authentication pre-share
    >> encryption 3des
    >> hash sha
    >> group 2
    >> lifetime 86400
    >>crypto isakmp nat-traversal 20
    >>telnet timeout 5
    >>ssh 192.168.1.0 255.255.255.0 inside
    >>ssh 0.0.0.0 0.0.0.0 outside
    >>ssh timeout 10
    >>console timeout 0
    >>dhcpd auto_config outside
    >>!
    >>dhcpd address 192.168.1.3-192.168.1.45 inside
    >>dhcpd dns x.x.x.x x.x.x.x interface inside
    >>dhcpd enable inside
    >>!
    >>
    >>group-policy xxx internal
    >>group-policy xxxx attributes
    >> vpn-tunnel-protocol IPSec
    >> split-tunnel-policy tunnelspecified
    >> split-tunnel-network-list value xxxx_splitTunnelAcl
    >>username xxx xxxxxxxx privilege 0
    >>username xxxx attributes
    >> vpn-group-policy xxxx
    >>tunnel-group xxxx type ipsec-ra
    >>tunnel-group xxxx general-attributes
    >> address-pool xxxx
    >> default-group-policy xxxxx
    >>tunnel-group xxxx ipsec-attributes
    >> pre-shared-key *
    >>!
    >>!
    >>prompt hostname context
    >>Cryptochecksum:x
     
    Mark Huizer, Mar 5, 2010
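
A check for the situation in this thread, added here as an example and not part of either poster's message: it reads a saved ASA configuration, confirms that a static default route exists on the outside interface, and confirms that the next hop lies inside that interface's subnet. The function names are hypothetical, and the 203.0.113.0/29 addresses are constructed stand-ins for the redacted x.x.x.x values.

```python
import ipaddress
import re

# Constructed sample: a cut-down version of the thread's config, with
# documentation addresses in place of the redacted x.x.x.x values.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 ip address 203.0.113.2 255.255.255.248
!
nat (inside) 1 0.0.0.0 0.0.0.0
"""

def interface_networks(config):
    """Map each nameif to the IPv4 network configured on that interface."""
    nets, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = None  # new interface block; forget the previous nameif
        m = re.match(r"\s+nameif (\S+)", line)
        if m:
            name = m.group(1)
        m = re.match(r"\s+ip address (\S+) (\S+)", line)
        if m and name:
            nets[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return nets

def check_default_route(config, ifname="outside"):
    """Return (ok, message) for the static default route on `ifname`."""
    nets = interface_networks(config)
    if ifname not in nets:
        return False, f"no addressed interface named {ifname}"
    # Matches the form used in the reply: route outside 0.0.0.0 0.0.0.0 <gw> <metric>
    pat = rf"^route {re.escape(ifname)} 0\.0\.0\.0 0\.0\.0\.0 (\S+)"
    m = re.search(pat, config, re.MULTILINE)
    if not m:
        return False, f"no default route on {ifname}"
    gw = ipaddress.ip_address(m.group(1))
    if gw not in nets[ifname]:
        return False, f"gateway {gw} is not in {nets[ifname]}"
    return True, f"default route via {gw}"

if __name__ == "__main__":
    print(check_default_route(SAMPLE_CONFIG))
    print(check_default_route(SAMPLE_CONFIG + "route outside 0.0.0.0 0.0.0.0 203.0.113.1 1\n"))
```
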