Hello All,
I'm setting up an ASA 5505 for a client and am pretty much done. However, I have a question. Where in the configuration (ASDM Web Interface or CLI) do I enter the default gateway for the ISP? The client is using a DSL modem for access to the internet and they acquired 1 static IP address and were given the primary and secondary DNS plus the default gateway of the ISP. I've configured the ASA but can only see where the IP address and DNS numbers go.
Where does the default gateway of the ISP enter into all of this?
The DSL modem is set up as a Bridge for the ASA to access the internet.
My configuration is below. Please feel free to comment on any configuration concerns you might see.
Thanks in advance,
Bucksarge
:
ASA Version 7.2(4)
!
hostname xxx
domain-name xxx
enable password xxx encrypted
passwd xxx encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.x
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name xxx
access-list xxxx_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.240
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool xxxx 192.168.2.3-192.168.2.12
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 192.168.99.3-192.168.99.45 netmask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 10
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.3-192.168.1.45 inside
dhcpd dns x.x.x.x x.x.x.x interface inside
dhcpd enable inside
!
group-policy xxx internal
group-policy xxxx attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value xxxx_splitTunnelAcl
username xxx xxxxxxxx privilege 0
username xxxx attributes
 vpn-group-policy xxxx
tunnel-group xxxx type ipsec-ra
tunnel-group xxxx general-attributes
 address-pool xxxx
 default-group-policy xxxxx
tunnel-group xxxx ipsec-attributes
 pre-shared-key *
!
!
prompt hostname context
Cryptochecksum:x