BLOG
Configuring network access with Cisco ASA via minicom utility
Configuring Cisco ASA 5500-series as network gateway.
First step - enter in "configure terminal" mode:
Configure "outside" interface - GigabitEthernet 0/0. It must be connected to internet provider side:
"Inside" interface - GigabitEthernet 0/1. This interface looks in your local area network (LAN):
Set DNS for your LAN clients:
This step require setup route from local area network in internet through provider's gateway. Set traffic route:
Try ping any source and see result:
Create new object for new subnet:
Setup NAT:
Allow ping from local network to WAN:
Setup DHCP:
First step - enter in "configure terminal" mode:
cisco> enable
cisco# configure terminal
cisco(config)#
Configure "outside" interface - GigabitEthernet 0/0. It must be connected to internet provider side:
interface GigabitEthernet 0/0Internet provider give you IP address, gateway and subnet mask.
description "Outside interface to ISP router from internet provider"
nameif outside
security-level 0
ip address X.X.X.X 255.255.255.252
"Inside" interface - GigabitEthernet 0/1. This interface looks in your local area network (LAN):
interface GigabitEthernet 0/1Here "ip address" instruction means - you set gateway for subnet. Subnet may be 10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16. See Reserved IP addresses for help.
description "Inside interface to LAN network"
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
Set DNS for your LAN clients:
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
This step require setup route from local area network in internet through provider's gateway. Set traffic route:
route outside 0.0.0.0 0.0.0.0 X.X.X.X
Try ping any source and see result:
ciscoasa(config)# ping google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.194.73.113, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/86/90 ms
Create new object for new subnet:
object network LAN_NETWORK
subnet 192.168.1.0 255.255.255.0
Setup NAT:
nat (inside,outside) after-auto source dynamic any interface
Allow ping from local network to WAN:
policy-map global_policy
class inspection_default
inspect icmp
Setup DHCP:
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd dns 8.8.8.8 8.8.4.4
