ASA5505 8.4(3)9: Quick start to connect to your internet

This is not a full guide, just documentation to get you onto the internet quickly. In this document, your computers that access the internet are the inside hosts, and the hosts on the internet are the outside hosts.

The equipment used for this documentation is an ASA5505 running 8.4(3)9 software; this quick start works with the base license as well.

Create vlans
You need to create VLANs on the ASA5505 to assign layer 3 addresses, name the layer 3 interfaces and assign a security level to each of them.

!Create vlan 100 for the interface connecting to your modem.
!Vlan 100 is a dhcp client layer3 interface that obtains an ip address lease from your
!provider's dhcp daemon. The setroute keyword creates a default route as soon as
!the vlan 100 interface obtains an ip address lease.
!Use the show int ip brief command to check whether the dhcp client interface
!has already obtained an ip address from your service provider's dhcpd.
interface Vlan100
 nameif outside
 security-level 0
 ip address dhcp setroute
!
!Vlan 20 is the layer3 interface that connects to your computers that need to
!access the internet.
interface Vlan20
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.240
!
ciscoasa(config)#

Assign switch interfaces to vlan membership

!By default all switch interfaces are shut down. Even when an interface is shut down,
!there is a link light if you connect a cable from your pc to the switch interface.
interface Ethernet0/0
 switchport access vlan 100
 no shutdown
!
interface Ethernet0/1
 switchport access vlan 20
 no shutdown
ciscoasa(config)#

Create dhcpd parameters
This is optional, but it makes things much easier for you.

!This line gets dns server information from your provider's dhcpd.
!The syntax is dhcpd auto_config <dhcp_client interface>.
!Since vlan 100, the outside network, is the dhcp client interface,
!the command is written as below.
dhcpd auto_config outside
!
!The address pool must be inside the subnet of the inside interface
!(10.0.0.1 255.255.255.240), otherwise the ASA rejects the command.
dhcpd address 10.0.0.3-10.0.0.14 inside
dhcpd enable inside
!
ciscoasa(config)#

NAT

!You can choose to group subnets into a network object and then use the object
!in the NAT statement, or you can specify the keyword any if you do not
!want to specify a network object or object group.
object network inside
 subnet 10.0.0.0 255.255.255.240

!The nat statement has the form nat (real interface,mapped interface).
!The source keyword is followed by either any or the name of your object,
!followed by the address you wish to dynamically translate to.
!This statement maps the inside subnet to the outside interface address.
nat (inside,outside) source dynamic inside interface
ciscoasa(config)#
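
The ASA only accepts a dhcpd pool that lies in the subnet of the interface it is bound to, and the NAT object should describe the same inside subnet. The following is an added example, not part of the original post, that checks both in a config of this shape before you paste it in; the function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

def parse_asa(config):
    """Collect nameif -> subnet, dhcpd pools and object subnets from ASA config text."""
    ifaces, pools, objects, nameif, obj = {}, {}, {}, None, None
    for raw in config.splitlines():
        if not raw.startswith(" "):      # a top-level line leaves any sub-mode
            nameif = obj = None
        if m := re.match(r" nameif (\S+)", raw):
            nameif = m[1]
        elif (m := re.match(r" ip address (\d\S+) (\d\S+)", raw)) and nameif:
            # "ip address dhcp setroute" has no static subnet and is skipped here
            ifaces[nameif] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"object network (\S+)", raw):
            obj = m[1]
        elif (m := re.match(r" subnet (\S+) (\S+)", raw)) and obj:
            objects[obj] = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        elif m := re.match(r"dhcpd address (\S+)-(\S+) (\S+)", raw):
            pools[m[3]] = (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]))
    return ifaces, pools, objects

def check(config):
    """Return findings; an empty list means the addressing is consistent."""
    ifaces, pools, objects = parse_asa(config)
    findings = []
    for ifname, (lo, hi) in pools.items():
        net = ifaces.get(ifname)
        if net is None or lo not in net or hi not in net:
            findings.append(f"dhcpd pool {lo}-{hi} is not inside {ifname} subnet {net}")
    for real_if, obj in re.findall(r"^nat \((\w+),\w+\) source dynamic (\S+)", config, re.M):
        if obj in objects and real_if in ifaces and not objects[obj].subnet_of(ifaces[real_if]):
            findings.append(f"NAT object {obj} ({objects[obj]}) is not within {real_if} subnet")
    return findings

# Constructed sample in the shape of this page's config; only the pool varies.
SAMPLE = """interface Vlan100
 nameif outside
 ip address dhcp setroute
interface Vlan20
 nameif inside
 ip address 10.0.0.1 255.255.255.240
dhcpd address {pool} inside
object network inside
 subnet 10.0.0.0 255.255.255.240
nat (inside,outside) source dynamic inside interface
"""
if __name__ == "__main__":
    for pool in ("10.0.0.3-10.0.0.14", "172.16.0.3-172.16.0.14"):
        print(pool, check(SAMPLE.format(pool=pool)) or "consistent")
```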