Question about Cisco ASA 5500 Firewall

1 Answer

Cisco asa5505 problem

Hi,
I have a problem to access Internet from inside host.
My internet settings are:
Range 89.215.168.64 - 127
Mask 255.255.255.192
Gateway 89.215.168.65
DNS 217.9.224.2; 217.9.224.3

The following is my configuration of the firewall:
ASA Version 7.2(2)
sh run
: Saved
:
ASA Version 7.2(2)
!
hostname DarrkoEOOD
domain-name default.domain.invalid
enable password my encrypted
names
!
interface Vlan1
nameif inside
security-level 50
ip address 89.215.168.65 255.255.255.192
!
interface Vlan2
nameif Evrokom
security-level 90
ip address 89.215.174.66 255.255.255.252
!
interface Vlan3
description Evrocom-DNS_Blackhole
nameif DNS
security-level 0
ip address 10.0.0.1 255.255.255.252
!
interface Ethernet0/0
description LAN
!
interface Ethernet0/1
description Evrokom
switchport access vlan 2
!
interface Ethernet0/2
description Evrocom-DNS_Blackhole
switchport access vlan 3
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd my encrypted
ftp mode passive
clock timezone EEDT 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list IPSAllowedOutsideInterface extended permit ip host 71.169.2.10 any
access-list IPSAllowedOutsideInterface extended permit ip host 72.89.63.208 any
access-list IPSAllowedOutsideInterface extended permit ip 69.64.222.0 255.255.255.0 any
access-list IPSAllowedOutsideInterface extended permit ip host 77.85.217.18 any
access-list IPSAllowedOutsideInterface extended permit ip host 62.204.140.9 any
access-list IPSAllowedOutsideInterface extended permit tcp 213.226.0.0 255.255.0.0 any eq ssh
access-list IPSAllowedOutsideInterface extended deny tcp any any eq 3389
access-list IPSAllowedOutsideInterface extended deny tcp any any eq ssh
access-list IPSAllowedOutsideInterface extended permit ip any any
pager lines 24
logging timestamp
logging buffer-size 1048576
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu Evrokom 1500
mtu DNS 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any Evrokom
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (Evrokom) 10 interface
nat (inside) 10 89.215.168.64 255.255.255.192
access-group IPSAllowedOutsideInterface in interface inside
access-group IPSAllowedOutsideInterface out interface inside
access-group IPSAllowedOutsideInterface in interface Evrokom
access-group IPSAllowedOutsideInterface out interface Evrokom
route Evrokom 0.0.0.0 0.0.0.0 89.215.174.65 1 track 1
route Evrokom 217.9.224.2 255.255.255.255 89.215.174.65 1 track 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:20:00 udp 1:00:00 icmp 0:00:05
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password rj3RJA7.tmoyw8bB encrypted privilege 15
username thegrave password my encrypted privilege 15
aaa authentication ssh console LOCAL
http server enable
http 62.204.140.9 255.255.255.255 Evrokom
http 213.226.0.0 255.255.255.0 Evrokom
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 1
type echo protocol ipIcmpEcho 206.190.56.229 interface Evrokom
num-packets 5
request-data-size 48
timeout 8000
frequency 30
sla monitor schedule 1 life forever start-time now
service resetinbound interface inside
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
telnet timeout 5
ssh 72.89.63.208 255.255.255.255 Evrokom
ssh 213.226.0.0 255.255.0.0 Evrokom
ssh 67.85.83.39 255.255.255.255 Evrokom
ssh 62.204.140.9 255.255.255.255 Evrokom
ssh 77.85.217.18 255.255.255.255 Evrokom
ssh timeout 5
ssh version 2
console timeout 0
dhcpd lease 32000
!
dhcpd address 89.215.168.66-89.215.168.125 inside
dhcpd dns 217.9.224.2 212.39.90.42 interface inside
dhcpd enable inside
!
!
!
ntp server 129.6.15.29 source Evrokom
ntp server 129.6.15.28 source Evrokom prefer
prompt hostname context
Cryptochecksum:1ac6d4d29acbcceab6b86a84561bb346
: end

Posted by on

Ad

1 Answer

  • Level 1:

    An expert who has achieved level 1.

    Hot-Shot:

    An expert who has answered 20 questions.

    Corporal:

    An expert that has over 10 points.

    Mayor:

    An expert whose answer got voted for 2 times.

  • Contributor
  • 42 Answers

You seem to have the last resort (o.o.o.o) set to VLAN1 which is set as an inside interface.
Is VLAN1 connected to the outside router or internet backbone?
If not, change the last resort to the outside Ethernet port.

Posted on May 09, 2008

Ad

1 Suggested Answer

6ya6ya

6ya staff

  • 2 Answers

SOURCE:

Hi there,
Save hours of searching online or wasting money on unnecessary repairs by talking to a 6YA Expert who can help you resolve this issue over the phone in a minute or two.

Best thing about this new service is that you are never placed on hold and get to talk to real repairmen in the US.

Here's a link to this great service

Good luck!

Posted on Jan 02, 2017

Ad

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

I want to set up a server and 10 computer LAN without an internet connetin involved


just hook it up, you have no router involved so it will have no internet connection.
Just connect all the PC's to the switch using straight through patch leads and assign the IP address manually as DHCP will not run on the switch.
you don't need a default gateway address as there will be no routing. Just set the IP addresses to;
192.168.0.1
192.168.0.2
192.168.0.3
and so on for each host on the LAN.
Use the subnet mask 255.255.255.0 this will give you the address range 192.168.0.1-254

hope this helps.

May 03, 2012 | D-Link DES Computers & Internet

1 Answer

I'm using two Macintosh Computers. I followed the quick setup wizard, all the right lights are lit. I've reset my broadband modem, I've reset the Dynex Router. Yet I can't make contact...


Richard have you tried setting up static ip addresses on the MACs
If you have other p.c's on network with auto ip assignment then alter the DHCP server lease to 192.168.1.10 to 192.168.1.240
then make ip address static 192.168.1.241 subnet mask 255.255.255.0 default gateway 192.168.1.1 and on the other mac
make ip address static 192.168.1.242 subnet mask 255.255.255.0 default gateway 192.168.1.1
http://www.macinstruct.com/node/550

Jul 07, 2017 | Dynex DX-E402 Router

2 Answers

Major wireless problems.. I can connect to my wireless router (Thomson 585v8) but i cant connect to the internet. When it connects it says local only. How do i fix it so i can go on the internet..??


check if the ip address that you are getting begins with 192.169.x.x ( x = any number between 1 to 254) check that your router the DHCP service is enable and that there a network range set (example lets say your gateway ip is 192.158.0.1 then your dhcp by defult in most cases will look like this ip range 192.168.0.2 - 192.168.0.254 using a netmask of 255.255.255.0 that will give you 254 ips per network.)

if your ip start with 192.169.x.x the that means that your machine is not getting a real ip assigned to it all you get is an APIPA that is just a reseved ip by the system to fill out ethernet interfaces that don't have and static ip or are in a network without a DHCP server.

you can set a static ip in the client pc if you don't want to enable DHCP in the router.

when you see Local Only message it means that your pc hasn't detected a route to the outside network ( internet ) without a proper gateway you will not be able to get to the internet, your router ip is always your gateway.

example:

Router Client pc

IP 192,168.0.1 IP 192.168.0.2
subnet mask 255.255.255.0 subnet mask 255.255.255.0
default gateway 192.168.0.1

Mar 03, 2011 | Computers & Internet

1 Answer

Just brought a Sony Bravia HX 800 and added a wireless LAN adapter (UWA-BR100) to get Internet TV. After network set up NOT able to access internet. Message reads Wireless device OK Local Access FAILED...


Hi

I got the Bravia KDL-40EX713 and the uwa-br100 I had massive problems getting it to work with a BT home hub. Eventually I found manual setting that work. Firstly I logged on to the router and went the the advanced settings bit, then I went to the DHCP table that shows all the devices connected. I picked an unused Ip address from the range of existing ones being used (this sort of thing 192.168.1.73)


I then used the following settings for the other fields (I don't think the secondary dns setting is right but it still works)

ip 192.168.1.73

sn mask 255.255.255.0

default gateway 192.168.1.254

primary dns 192.168.1.254

secondary dns 192.168.22.23


If the DNS server ip is wrong then you get local access OK but internet access failed.


Hope this helps.


Ian

Jan 30, 2011 | Apple AirPort Extreme Base Station

1 Answer

I have a WNDR3400 and it serves DHCP IP addresses in the range of 192.168.2.x subnet. The routers is connected to the another local subnet 192.16.1.x I want the computers on the 192.168.2.x to be...


You need to set the subnet mask correctly on the machines so the machines can see traffic on both subnets. If DCHP is issuing the IP address of each subnet, it's also issuing the subnet mask. You should be able to configure both routers to issue a subnet mask of 255.255.0.0 and that would give your computers on either subnet visibility to both networks. Make sure to configure only one of these routers as the gateway and make sure both routers agree which one is the gateway to the Internet otherwise some of the computers won't have Internet access.

I’m happy to help further over the phone at https://www.6ya.com/expert/matt_7e951e081251ffbc

Jun 30, 2017 | NetGear WNDR3400 N600 Wireless Dual Band...

1 Answer

Hi. i cant connect to print server d-link dp301p+ IP to configure it?! who knows what IP by default it have? 192.168.0.10 doesnt work... Thanks, Mike


First find out the IP address , Subnet mask,and Gateway addresses of your ISP ( Internet Service Provider ). According to above addresses, you have to complete the network settings of your printer by mentioning the different IP address .

To find out the above mentioned addresses, first open the control panel -> network connections -> local area connction -> properties -> Internet Protocol Version 4(TCP/IPV4) OR Internet Protocol Version 6 (TCP/IPV6)according to your ISP -> Properties

By the systematic selection as mentioned above you will get the IP address, subnet mask and Gateway addresses.

Suppose your IP address is 192.168.0.10 , the gateway may be 192.168.0.1 Or any number. And the subnet mask may be XYY.XYY.XYY.0.

According to your ISP addresses you have to complete the network settings of your printer. First press the additional functions -> system settings -> network settings -> TCP/IP settings -> fill up the addresses as follows.

IP address : 192.168.0.16 OR any number .

subnet mask : XYY.XYY.XYY.0.

Gateway : 192.168.0.1

Hurray ! the problem about your network connection with the printer to your computer will be automatically solved.

Sep 28, 2010 | Computers & Internet

1 Answer

Wirless connection wont connect to network.


On the WLAN world, exist a encryption key for connection. You will be able to see the "antenna", but until you enter the key you will not be able to access the network or the internet. First, disable the wireless security and try. Once you have verified the connection to internet then you add security. Use WEP.

Jul 06, 2009 | NetGear WG602 802.11g/b Wireless Access...

1 Answer

Billionton USB : Class 1 USB Bluetooth adapter


before you try any step i tell you please disable your antivirus and firewall.
well!! I have an answer for you.your comp is loosing the IP address. goto start - programmes - accessories - dos prompt. type ipconfig.you`ll get ip address,subnet mask,default gateway.copy it. goto network and sharing center in vista and network connection under control panel in XP,IN Vista,click on view status,goto properties and double click on internet protocol(tcp/ip) or IPv4In XP,right click wireless network connection and goto properties and double click on internet protocol(tcp/ip).type in the IP address,subnet mask,default gateway.in DNS server address type the default gateway in primary DNS and in secondary 4.2.2.2. your connection won`t drop after this.

Jul 01, 2009 | Billionton Long Range Bluetooth USB...

1 Answer

I am trying to set up PPTP connection to the internet on my WRV54G router (behind a cable modem). The set up calls for a fixed IP address, mask and gateway address, but my ISP is not providing those - only...


most cable companies are dhcp configured. so you would leave the wan config as default. the only thing i would do is mask the computer mac address. this should give you the access you need.

Mar 09, 2009 | Linksys Wireless-G VPN Broadband Router...

2 Answers

MTU setting


Browse to the router's setup page, should be 192.168.1.1 or 192.168.1.0 and log into it. You just have to change the MTU. Put it to 1500.
Once logged in to the router, go to :

Setup
-
Basic Setup
-
Wireless Setup
-
Internet Connection Type
Connection Type = Static IP
Internet IP Address = 192.168.0.1
Subnet Mask = 255.255.255.0
Gateway = 192.168.0.1
Static DNS 1 = 192.168.0.1
Static DNS 2 = 192.168.0.1
Static DNS 3 = 192.168.0.1
STP = Enable
-
Optional Settings (required by some ISPs)
Router Name = client-mode
Host Name = 2WIRE383
Domain Name = [empty]
MTU = Auto
Please remember to rate all users who assist you for free :)

I’m happy to assist further over the phone at https://www.6ya.com/expert/joe_8b8c2cd6ce148309

Sep 29, 2008 | 2wire Wireless-G 802.11g ADSL Gateway

Not finding what you are looking for?
Cisco ASA 5500 Firewall Logo

1,234 people viewed this question

Ask a Question

Usually answered in minutes!

Top Cisco Computers & Internet Experts

Prashant M
Prashant M

Level 3 Expert

2277 Answers

Ekse

Level 3 Expert

13434 Answers

Jeffrey Groves
Jeffrey Groves

Level 3 Expert

573 Answers

Are you a Cisco Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...