I went through the setup wizard and when I finished, I thought everything was fine as it correctly shows my ip address on the outside interface in the home screen and shows its status as up. However, I cannot ping anything out on the internet. So, what am I missing?
Do I need some kind of static route setup to tell it where to route packets based for the outside? On a separate note, how would I go about assigning public ip addresses to devices behind it? Nothing like working with a Cisco device to make me feel stupid. Thanks for the help.

Can you post the config here? Look at making a DMZ vlan.

I can see about getting the current config to paste here.
Is the ASDM that bad? I know that the command line still is the first priority with Cisco but I figured that a huge company like that would have a lot of resources to throw at making their web interface top notch. I went through the startup wizard. ASA Version 7.

If you're learning, the GUI is a good way to see what commands it produces via the CLI.
I've got an example config of a working ASA running 7. Here you go: ASA Version 7. Anyway, they had a block of 8 IPs or something so I just used the next one available and it worked great. Edit: Oops. Looks like you're on a Let me fix my config for that. This: quote: global outside 1 interface may be the problem.
That is what I tried originally and it wouldn't give me internet access.

Note: If you are using failover, do not use this procedure to name interfaces that you are reserving for failover communications. See Chapter 14, "Configuring Failover," to configure the failover link.
If you change the security level of an interface, and you do not want to wait for existing connections to time out before the new security information is used, you can clear the connections using the clear local-host command. To remove this VLAN interface and all associated configuration, enter the no interface vlan command. Because this interface also includes the interface name configuration, and the name is used in other commands, those commands are also removed.
The home network does not need to access the business network, so you can use the no forward interface command on the home VLAN; the business network can access the home network, but the home network cannot access the business network.
If you already have two VLAN interfaces configured with a nameif command, be sure to enter the no forward interface command before the nameif command on the third interface; the adaptive security appliance does not allow three fully functioning VLAN interfaces with the Base license on the ASA adaptive security appliance.
Note: If you upgrade to the Security Plus license, you can remove this command and achieve full functionality for this interface. If you leave this command in place, this interface continues to be limited even after upgrading.

Step 3 To name the interface, enter the following command:
The name is a text string up to 48 characters, and is not case-sensitive. You can change the name by reentering this command with a new value. Do not enter the no form, because that command causes all commands that refer to that name to be deleted.
Step 4 To set the security level, enter the following command:

Where number is an integer between 0 lowest and highest.

Step 5 (Routed mode only) To set the IP address, enter one of the following commands. In transparent mode, you do not set the IP address for each interface, but rather for the whole adaptive security appliance or context.
The standby keyword and address is used for failover. See Chapter 14, "Configuring Failover," for more information. If you do not enable the interface using the no shutdown command before you enter the ip address dhcp command, some DHCP requests might not be sent.
Step 7 (Optional) To set an interface to management-only mode, so that it does not allow through traffic, enter the following command:

To enable the interface, if it is not already enabled, enter the following command:

The following example configures seven VLAN interfaces, including the failover interface which is configured separately using the failover lan command:

The third home interface cannot forward traffic to the business interface.
By default, all switch ports are shut down. To assign a switch port to one VLAN, configure it as an access port. By default, the speed and duplex for switch ports are set to auto-negotiate.

Step 1 To specify the switch port you want to configure, enter the following command:

Where port is 0 through 7.
For example, enter the following command:

Step 3 (Optional) To prevent the switch port from communicating with other protected switch ports on the same VLAN, enter the following command:

You might want to prevent switch ports from communicating with each other if the devices on those switch ports are primarily accessed from other VLANs, you do not need to allow intra-VLAN access, and you want to isolate the devices from each other in case of infection or other security breach.
For example, if you have a DMZ that hosts three web servers, you can isolate the web servers from each other if you apply the switchport protected command to each switch port. The inside and outside networks can both communicate with all three web servers, and vice versa, but the web servers cannot communicate with each other.

Step 4 (Optional) To set the speed, enter the following command:

The auto setting is the default.

Step 5 (Optional) To set the duplex, enter the following command:
Step 6 To enable the switch port, if it is not already enabled, enter the following command:
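The two isolation controls described above (no forward interface entered before nameif on the third VLAN, and switchport protected on every port of an isolated VLAN) can be checked in a planned command script before it is pasted into the appliance. This is an added example, not Cisco's code or part of the original thread; the sample script, VLAN numbers, interface names and the function names are assumptions, and switchport access vlan is the standard access-port assignment command.

```python
# Added example, not Cisco's code. SAMPLE_SCRIPT is constructed sample data:
# the VLAN numbers, interface names and port assignments are assumptions.
SAMPLE_SCRIPT = """\
interface vlan 100
 nameif outside
interface vlan 200
 nameif inside
interface vlan 300
 no forward interface vlan 200
 nameif dmz
interface ethernet 0/1
 switchport access vlan 300
 switchport protected
interface ethernet 0/2
 switchport access vlan 300
"""

def parse_interfaces(script):
    """Map each 'interface ...' line to its sub-commands, in entry order."""
    blocks, current = {}, None
    for raw in script.splitlines():
        line = " ".join(raw.lower().split())  # normalise case and spacing
        if line.startswith("interface "):
            current = line[len("interface "):]
            blocks[current] = []
        elif line and current is not None:
            blocks[current].append(line)
    return blocks

def audit(script, isolated_vlan):
    """Report missing isolation commands in a Base-license interface plan."""
    blocks, findings = parse_interfaces(script), []
    named = [n for n, c in blocks.items()
             if n.startswith("vlan") and any(x.startswith("nameif ") for x in c)]
    for name in named[2:]:  # third (and later) named VLAN interfaces
        cmds = blocks[name]
        nameif_at = next(i for i, x in enumerate(cmds) if x.startswith("nameif "))
        if not any(x.startswith("no forward interface ") for x in cmds[:nameif_at]):
            findings.append(f"{name}: no 'no forward interface' before nameif")
    for name, cmds in blocks.items():
        if (f"switchport access vlan {isolated_vlan}" in cmds
                and "switchport protected" not in cmds):
            findings.append(f"{name}: VLAN {isolated_vlan} port is not protected")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCRIPT, 300):
        print(finding)
```

The order check applies to a script in the order it will be entered; a saved running configuration is printed in the appliance's own order.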