Configuring ASA 5505: Static IP, DNS, Gateway

Hello All,

I'm setting up an ASA 5505 for a client and am pretty much done. However, I have a question. Where in the configuration (ASDM Web Interface or CLI) do I enter the default gateway for the ISP? The client is using a DSL modem for access to the internet and they acquired 1 static IP address and were given the primary and secondary DNS plus the default gateway of the ISP. I've configured the ASA but can only see where the IP address and DNS numbers go.

Where does the default gateway of the ISP enter into all of this?

The DSL modem is set up as a Bridge for the ASA to access the internet.

My configuration is below.........please feel free to comment on any configuration concerns you might see.

Thanks in advance,

Bucksarge

: ASA Version 7.2(4)
!
hostname xxx
domain-name xxx
enable password xxx encrypted
passwd xxxencrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.x
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name xxx
access-list xxxx_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.240
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool xxxx 192.168.2.3-192.168.2.12
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 192.168.99.3-192.168.99.45 netmask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 10
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.3-192.168.1.45 inside
dhcpd dns x.x.x.x x.x.x.x interface inside
dhcpd enable inside
!
group-policy xxx internal
group-policy xxxx attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value xxxx_splitTunnelAcl
username xxx xxxxxxxx privilege 0
username xxxx attributes
 vpn-group-policy xxxx
tunnel-group xxxx type ipsec-ra
tunnel-group xxxx general-attributes
 address-pool xxxx
 default-group-policy xxxxx
tunnel-group xxxx ipsec-attributes
 pre-shared-key *
!
!
prompt hostname context
Cryptochecksum:x

Reply to
Buck Rogers

Hello,

Sorry for top posting.........I was wondering if I could get some input on my question below concerning the ISP's gateway and where (if at all) does it go in the ASA configuration?

Regards,

Bucksarge

Reply to
Buck Rogers

The wise Buck Rogers enlightened me with:

Are you using the ASDM GUI or command line? In the GUI make a static route for 0.0.0.0 0.0.0.0 to your ISP's router on the outside interface. In the CLI use something like 'route outside 0.0.0.0 0.0.0.0 1.2.3.4 1'

Mark

Reply to
Mark Huizer

Mark,

Thank you for answering!! I'll be at the client's office tomorrow and will implement a static route as you suggest. I'll report the results.

Thanks Again,

Bucksarge

Reply to
Buck Rogers

Mark,

An update. All is well.

I added the static route and still had no connection. After reviewing some previous clients' configs, I changed from NAT to PAT and voila....it worked. I only wish I knew why?

But again, the static route for the gateway was crucial for the setup to work.

Thanks,

Buck

Reply to
Buck Rogers
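
An added example, not part of any post in this thread: a Python check over an ASA 7.2-style config for the two problems the thread resolved, a missing default route on outside and a dynamic NAT `global` pool of private addresses (the ISP cannot route replies to 192.168.99.x, while PAT to the interface address uses the one routable static IP). The SSH-from-any-source check is an extra review point of mine, the sample configs are constructed from lines in the posted config, and 1.2.3.4 is the placeholder gateway from Mark's reply.

```python
import ipaddress
import re

# Constructed sample: lines copied from the config posted in the thread.
POSTED = """\
global (outside) 1 192.168.99.3-192.168.99.45 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
ssh 192.168.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
"""

# Constructed sample: the same lines after the route and PAT changes, with SSH
# limited to inside (1.2.3.4 is a placeholder gateway, not a real address).
FIXED = """\
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 1.2.3.4 1
ssh 192.168.1.0 255.255.255.0 inside
"""


def audit(config, outside="outside"):
    """Return sorted finding codes for an ASA 7.x-style running config."""
    findings = set()
    lines = [ln.strip() for ln in config.splitlines()]
    # 1. The ISP gateway belongs in a default route on the outside interface.
    route = re.compile(rf"route {re.escape(outside)} 0\.0\.0\.0 0\.0\.0\.0 \S+")
    if not any(route.match(ln) for ln in lines):
        findings.add("no-default-route")
    for ln in lines:
        # 2. A global pool of RFC 1918 addresses on outside is unroutable
        #    upstream; "global (outside) N interface" (PAT) has no addresses
        #    to inspect and therefore passes.
        if ln.startswith(f"global ({outside}) "):
            pool = ln.split(" netmask")[0]
            addrs = re.findall(r"\d+\.\d+\.\d+\.\d+", pool)
            if any(ipaddress.ip_address(a).is_private for a in addrs):
                findings.add("private-global-pool")
        # 3. Management SSH accepted from any source on the outside interface.
        if ln == f"ssh 0.0.0.0 0.0.0.0 {outside}":
            findings.add("ssh-any-source")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(name, audit(cfg))
```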
