Questions

How do I configure a Cisco ASA 5510 for Internet Access

Tags:
+
0 Votes
Locked

How do I configure a Cisco ASA 5510 for Internet Access

daniel.maisu
I am new to the Cisco ASA 5510 and want to configure it so everyone on it's inside interface has internet access.

Please give me a basic configuration steps on what to do. A sample config would help very much...
  • +
    0 Votes
    jkofinas

    Step1: Configure a privileged level password (enable password)

    By default there is no password for accessing the ASA firewall, so the first step before doing anything else is to configure a privileged level password, which will be needed to allow subsequent access to the appliance. Configure this under Configuration Mode:

    ASA5510(config)# enable password mysecretpassword

    Step2: Configure the public outside interface

    ASA5510(config)# interface Ethernet0/0

    ASA5510(config-if)# nameif outside

    ASA5510(config-if)# security-level 0

    ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252

    ASA5510(config-if)# no shut

    Step3: Configure the trusted internal interface

    ASA5510(config)# interface Ethernet0/1

    ASA5510(config-if)# nameif inside

    ASA5510(config-if)# security-level 100

    ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0

    ASA5510(config-if)# no shut

    Step 4: Configure PAT on the outside interface

    ASA5510(config)# global (outside) 1 interface

    ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0

    Step 5: Configure Default Route towards the ISP (assume default gateway is 100.100.100.2)

    ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1

    Step 6: Configure the firewall to assign internal IP and DNS address to hosts using DHCP

    ASA5510(config)# dhcpd dns 200.200.200.10

    ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 inside

    ASA5510(config)# dhcpd enable inside

    The above basic configuration is just the beginning for making the appliance operational. There are many more configuration features that you need to implement to increase the security of your network, such as Static and Dynamic NAT, Access Control Lists to control traffic flow, DMZ zones, VPN etc.

    BTW I pulled this info from another site... I was just toooo lazy to type it all out myself:-)

    Cheers
    John

    +
    0 Votes
    daniel.maisu

    Thanks for the info. I will try it out and see if I can access the internet through the ASA.

  • +
    0 Votes
    jkofinas

    Step1: Configure a privileged level password (enable password)

    By default there is no password for accessing the ASA firewall, so the first step before doing anything else is to configure a privileged level password, which will be needed to allow subsequent access to the appliance. Configure this under Configuration Mode:

    ASA5510(config)# enable password mysecretpassword

    Step2: Configure the public outside interface

    ASA5510(config)# interface Ethernet0/0

    ASA5510(config-if)# nameif outside

    ASA5510(config-if)# security-level 0

    ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252

    ASA5510(config-if)# no shut

    Step3: Configure the trusted internal interface

    ASA5510(config)# interface Ethernet0/1

    ASA5510(config-if)# nameif inside

    ASA5510(config-if)# security-level 100

    ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0

    ASA5510(config-if)# no shut

    Step 4: Configure PAT on the outside interface

    ASA5510(config)# global (outside) 1 interface

    ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0

    Step 5: Configure Default Route towards the ISP (assume default gateway is 100.100.100.2)

    ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1

    Step 6: Configure the firewall to assign internal IP and DNS address to hosts using DHCP

    ASA5510(config)# dhcpd dns 200.200.200.10

    ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 inside

    ASA5510(config)# dhcpd enable inside

    The above basic configuration is just the beginning for making the appliance operational. There are many more configuration features that you need to implement to increase the security of your network, such as Static and Dynamic NAT, Access Control Lists to control traffic flow, DMZ zones, VPN etc.

    BTW I pulled this info from another site... I was just toooo lazy to type it all out myself:-)

    Cheers
    John

    +
    0 Votes
    daniel.maisu

    Thanks for the info. I will try it out and see if I can access the internet through the ASA.