
Configuring network access with Cisco ASA

Configuring a Cisco ASA 5500-series as a network gateway.

 

First step: enter "configure terminal" mode:

cisco> enable
cisco# configure terminal
cisco(config)#

 

Configure the "outside" interface, GigabitEthernet 0/0. It must be connected to the internet provider's side:

interface GigabitEthernet 0/0
    description "Outside interface to ISP router from internet provider"
    nameif outside
    security-level 0
    ip address X.X.X.X 255.255.255.252

Your internet provider gives you the IP address and subnet mask.

 

Configure the "inside" interface, GigabitEthernet 0/1. This interface faces your local area network (LAN):

interface GigabitEthernet 0/1
    description "Inside interface to LAN network"
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0

Here the "ip address" instruction sets the gateway address for the subnet. The subnet may be in 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16. See Reserved IP addresses for help.

 

Set DNS for your LAN clients:

dns domain-lookup outside
dns server-group DefaultDNS
    name-server 8.8.8.8
    name-server 8.8.4.4 

 

This step sets up a route from the local area network to the internet through the provider's gateway. Set the traffic route:

route outside 0.0.0.0 0.0.0.0 X.X.X.X

 

Try pinging any host and check the result:

ciscoasa(config)# ping google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.194.73.113, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/86/90 ms

 

Create a new object for the new subnet:

object network LAN_NETWORK
    subnet 192.168.1.0 255.255.255.0

 

Set up NAT:

nat (inside,outside) after-auto source dynamic any interface 

 

Allow ping from the local network to the WAN:

policy-map global_policy
    class inspection_default
        inspect icmp

 

Set up DHCP:

dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd dns 8.8.8.8 8.8.4.4
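
A consistency check for the settings entered above, as an added example (not part of the original post and not a Cisco tool). It assumes the configuration is available as text; the function names are hypothetical, and the X.X.X.X placeholders are replaced by constructed documentation addresses so the sample parses.

```python
import ipaddress
import re

# Constructed sample: this page's config with X.X.X.X replaced by 203.0.113.0/30 addresses.
SAMPLE_CONFIG = """\
interface GigabitEthernet 0/0
    nameif outside
    security-level 0
    ip address 203.0.113.2 255.255.255.252
interface GigabitEthernet 0/1
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1
dhcpd address 192.168.1.2-192.168.1.254 inside
"""

def parse_interfaces(config):  # -> {nameif: {"level": int, "ip": IPv4Interface}}
    interfaces, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            current = None  # new block: settings belong to no name until "nameif"
        elif words[:1] == ["nameif"]:
            current = interfaces.setdefault(words[1], {})
        elif current is not None and words[:1] == ["security-level"]:
            current["level"] = int(words[1])
        elif current is not None and words[:2] == ["ip", "address"]:
            current["ip"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
    return interfaces

def audit(config):  # -> list of findings; an empty list means every check passed
    findings, ifs = [], parse_interfaces(config)
    inside, outside = ifs.get("inside", {}), ifs.get("outside", {})
    if outside.get("level", 0) >= inside.get("level", 0):
        findings.append("outside security-level is not lower than inside")
    route = re.search(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    if not route:
        findings.append("no default route via outside")
    elif "ip" in outside and ipaddress.ip_address(route.group(1)) not in outside["ip"].network:
        findings.append("default gateway is not on the outside subnet")
    pool = re.search(r"^dhcpd address ([\d.]+)-([\d.]+) inside", config, re.M)
    if pool and "ip" in inside:
        lo, hi = (ipaddress.ip_address(a) for a in pool.groups())
        if lo not in inside["ip"].network or hi not in inside["ip"].network:
            findings.append("DHCP pool is outside the inside subnet")
        if lo <= inside["ip"].ip <= hi:
            findings.append("DHCP pool contains the inside interface address")
    return findings
```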
