[SOLVED] HELP Firewall Expert, Setting up a Cisco ASA 5505 at home I can reach internet from ASA but not from computer inside LAN

sniper7777777

Honorable
Sep 22, 2014
98
3
10,645
Setting up a Cisco ASA 5505 at home I can reach internet from ASA but not from computer inside LAN

could someone help me?
I have set the outside interface for DHCP and I can acquire my public IP address, I can ping outside, but inside devices can't ping anything or reach outside, also I'm a bit confused because originally I set one interface as outside and one inside but if I connect multiple devices to the ASA and you can only have one interface as inside how do you connect multiple devices inside the LAN on multiple ports? Also I would be fine if I could get this working but to further complicate things I also have an ASUS router that I would like to hook up after the ASA and it just starts getting complicated at this point but if someone could shed light on how I can do this that would be great,
I plan on working on this all weekend if necessary so if someone could get this thread active I would appreciate it
I am following this guide below

Create 2 SVI’s one for inside and one for outside


GFirewall(config)# int vlan 77


GFirewall(config-if)#ip address 192.168.1.254 255.255.255.0


GFirewall(config-if)# nameif inside


GFirewall(config-if)# no shut





GFirewall(config-if)# interface ethernet 0/7


GFirewall(config-if)# switchport access vlan 77


GFirewall(config-if)# no shut





^ repeat this step for outside interface with new VLAN





Pick an interface (should be higher numbered interface for inside connection)


Ethernet 0/7





Set the route as the peered IP address (not usable)


GFirewall(config)# route outside 0.0.0.0 0.0.0.0 24.15.12.6





ACL ACE’s


access-list P2PACL line 60 extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.0.0.0


access-list P2PACL line (ACE) 60 extended permit ip (Source) 192.168.1.0 255.255.255. (destination) 10.0.0.0 255.0.0.0


add additional ACE’s for the public IP addresses


access-list P2PACL line 70 extended permit ip 25.25.25.25 255.255.255.252 64.64.64.64 255.255.255.252











Set IKE V1 phase 1


Create a policy


GFirewall(config)# crypto ikev1 policy 1


GFirewall(config-ikev1-policy)# authentication pre-share


GFirewall(config-ikev1-policy)# encryption aes-256


GFirewall(config-ikev1-policy)# group 2


GFirewall(config-ikev1-policy)# hash sha


GFirewall(config-ikev1-policy)# lifetime 86400 (*set lower to be more secure however uses more resources)


Enable IKE V1 on outside interface


GFirewall(config)# crypto ikev1 enable outside


Set IKE V1 Phase 2


GFirewall(config)# tunnel-group 1.1.1.1 type ipsec-l2l (* Use peer IP address (other ASA outside interface IP address) as tunnel group ID)


GFirewall(config)# tunnel-group 1.1.1.1 ipsec-attributes


GFirewall(config-tunnel-ipsec)# ikev1 pre-shared-key MGTech$upport (make sure there is no space at the end of the pre shared key)


Set the transform set


GFirewall(config)# crypto ipsec ikev1 transform-set GFIREWALLT1 esp-aes-256 esp-sha-hmac





GFirewall(config)# crypto map GFIREWALLCRYPTOMAP 10 set peer 1.1.1.1


GFirewall(config)# crypto map GFIREWALLCRYPTOMAP 10 set ikev1 transform-set GFIREWALLT1


GFirewall(config)# crypto map GFIREWALLCRYPTOMAP 10 match address P2PACL (* Create ACL with multiple ACE’s of subnets to Allow *Make sure you include nonat in front of extended ACL)


GFirewall(config)# crypto map GFIREWALLCRYPTOMAP 10 set security-association lifetime seconds 86400

GFirewall(config)# crypto map GFIREWALLCRYPTOMAP interface outside
 
Been a very long time since I played with asa stuff. Not sure what you are doing that config is a some kind of sample for a point to point vpn but it is not really complete.

It depends why you are using this device. If you are chasing cisco certs then maybe it has a use but that is a very old device and only has 100mbps ports. Many consumer router can out perform that device. I guess it depends on what it is being used for. It also depends on which software license you have since they make you purchases many features extra.