Announcement

Collapse
No announcement yet.

Cisco ASA 5510 no internet access

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco ASA 5510 no internet access

    I am setting up a ASA 5510 for the first time to be used as a router. This is coming from a cable modem I believe i have the configuration correct:

    ASA Version 7.0(
    !
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    dns-guard
    !
    interface Ethernet0/0
    nameif Outside
    security-level 0
    ip address 74.xx.xxx.49 255.255.255.248
    !
    interface Ethernet0/1
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0/3
    nameif inside
    security-level 50
    ip address 192.168.54.1 255.255.255.0
    !
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    !
    ftp mode passive
    pager lines 24
    logging enable
    logging asdm informational
    mtu Outside 1500
    mtu inside 1500
    mtu management 1500
    no failover
    monitor-interface Outside
    monitor-interface inside
    monitor-interface management
    asdm image disk0:/asdm-508.bin
    no asdm history enable
    arp timeout 14400
    global (Outside) 10 interface
    nat (inside) 10 192.168.54.0 255.255.255.0
    route Outside 0.0.0.0 0.0.0.0 74.xx.xxx.49 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http 192.168.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.54.2-192.168.54.254 inside
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd lease 3600
    dhcpd ping_timeout 50
    dhcpd enable management
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map global_policy
    class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    !
    service-policy global_policy global
    Cryptochecksum:a99d30a19c7cf32455661cb751244b0e
    : end


    the log shows the path being built but gets torn down 2 minutes later:

    Built dynamic UDP translation from inside 192.168.54.12/58491 to Outside: 74.xx.xxx.49/1034
    Built outbound UDP connection 95 for Outside 4.2.2.2/53 (4.2.2.2/53) to inside 192.168.54.12/5849 (74.xx.xxx.49/1034)
    Teardown UDP connection 95 for Outside:4.2.2.2/53 to inside:192.168.54.12/62699 duration 0:02:08 bytes 210
    Teardown dynamic UDP translation from inside:192.168.54.12/64353 to Outside: 74.xx.xxx.49/1028 duration 0:02:30

    Nat appears to be working just fine.

  • #2
    Re: Cisco ASA 5510 no internet access

    This seems wrong to me: route Outside 0.0.0.0 0.0.0.0 74.xx.xxx.49 1

    It should not be your outside interface.

    interface Ethernet0/0
    nameif Outside
    security-level 0
    ip address 74.xx.xxx.49 255.255.255.248


    It should be the next router hop.
    CCNA, Network+

    Comment


    • #3
      Re: Cisco ASA 5510 no internet access

      So would that be my gateway given to me by my ISP? I will try that and post back if that works thank you.

      Comment


      • #4
        Re: Cisco ASA 5510 no internet access

        Daze, thank you. I just changed my default route to the next hop and it all started working.

        Comment


        • #5
          Re: Cisco ASA 5510 no internet access

          Alternatively you can set the default gateway to be the physical interface (Serial).

          Comment

          Working...
          X