[SOLVED] HELP Firewall Expert, Setting up a Cisco ASA 5505 at home I can reach internet from ASA but not from computer inside LAN

sniper7777777

Honorable
Sep 22, 2014
98
3
10,645
1

Could someone help me?
I have set the outside interface for DHCP and I can acquire my public IP address. I can ping outside, but inside devices can't ping anything or reach outside. I'm also a bit confused: originally I set one interface as outside and one as inside, but if I connect multiple devices to the ASA and you can only have one interface as inside, how do you connect multiple devices inside the LAN on multiple ports? I would be fine if I could get this working, but to further complicate things I also have an ASUS router that I would like to hook up after the ASA, and it just starts getting complicated at this point. If someone could shed light on how I can do this, that would be great.
I plan on working on this all weekend if necessary, so if someone could get this thread active I would appreciate it.
I am following this guide below:

Create 2 SVIs, one for inside and one for outside

GFirewall(config)# int vlan 77
GFirewall(config-if)# ip address 192.168.1.254 255.255.255.0
GFirewall(config-if)# nameif inside
GFirewall(config-if)# no shut

GFirewall(config-if)# interface ethernet 0/7
GFirewall(config-if)# switchport access vlan 77
GFirewall(config-if)# no shut

^ repeat this step for outside interface with new VLAN

Pick an interface (should be higher numbered interface for inside connection)

Ethernet 0/7

Set the route as the peered IP address (not usable)

GFirewall(config)# route outside 0.0.0.0 0.0.0.0 24.15.12.6

ACL ACEs

access-list P2PACL line 60 extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.0.0.0

access-list P2PACL line (ACE) 60 extended permit ip (Source) 192.168.1.0 255.255.255.0 (destination) 10.0.0.0 255.0.0.0

add additional ACEs for the public IP addresses

access-list P2PACL line 70 extended permit ip 25.25.25.25 255.255.255.252 64.64.64.64 255.255.255.252

Set IKE V1 phase 1

Create a policy

GFirewall(config)# crypto ikev1 policy 1
GFirewall(config-ikev1-policy)# authentication pre-share
GFirewall(config-ikev1-policy)# encryption aes-256
GFirewall(config-ikev1-policy)# group 2
GFirewall(config-ikev1-policy)# hash sha
GFirewall(config-ikev1-policy)# lifetime 86400 (*set lower to be more secure however uses more resources)

Enable IKE V1 on outside interface

GFirewall(config)# crypto ikev1 enable outside

Set IKE V1 Phase 2

GFirewall(config)# tunnel-group 1.1.1.1 type ipsec-l2l (* Use peer IP address (other ASA outside interface IP address) as tunnel group ID)
GFirewall(config)# tunnel-group 1.1.1.1 ipsec-attributes
GFirewall(config-tunnel-ipsec)# ikev1 pre-shared-key MGTech$upport (make sure there is no space at the end of the pre shared key)

Set the transform set

GFirewall(config)# crypto ipsec ikev1 transform-set GFIREWALLT1 esp-aes-256 esp-sha-hmac

GFirewall(config)# crypto map GFIREWALLCRYPTOMAP 10 set peer 1.1.1.1
GFirewall(config)# crypto map GFIREWALLCRYPTOMAP 10 set ikev1 transform-set GFIREWALLT1
GFirewall(config)# crypto map GFIREWALLCRYPTOMAP 10 match address P2PACL (* Create ACL with multiple ACE’s of subnets to Allow *Make sure you include nonat in front of extended ACL)
GFirewall(config)# crypto map GFIREWALLCRYPTOMAP 10 set security-association lifetime seconds 86400
GFirewall(config)# crypto map GFIREWALLCRYPTOMAP interface outside
 
Been a very long time since I played with ASA stuff. Not sure what you are doing; that config is some kind of sample for a point-to-point VPN, but it is not really complete.

It depends on why you are using this device. If you are chasing Cisco certs then maybe it has a use, but that is a very old device and only has 100 Mbps ports. Many consumer routers can outperform that device. I guess it depends on what it is being used for. It also depends on which software license you have, since they make you purchase many features extra.
 

sniper7777777

Thanks beers, haha, this in combo with not having it set up as a DHCP server was the issue.
Also, now I have another issue that I'll be posting as a new post, if you could help me with that as well.
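
The last post names the missing DHCP server on the inside interface as part of the fix, and the first post asks how several ports can all be "inside". The Python check below is an added example, not code from the thread or the guide: it reads an ASA 5505 running-config and reports which switchports sit in the inside VLAN and whether `dhcpd` is enabled there with a pool inside the subnet. The sample config is constructed (VLAN 77 and 192.168.1.254/24 follow the quoted guide; the pool range, Vlan2 and Ethernet0/6 are assumptions), and the other half of the fix, from beers's reply, is not on the page and is not checked.

```python
import ipaddress
import re

# Constructed sample running-config (not from the thread). VLAN 77 and
# 192.168.1.254/24 follow the guide quoted in the first post.
SAMPLE_CONFIG = """\
interface Ethernet0/6
 switchport access vlan 77
!
interface Ethernet0/7
 switchport access vlan 77
!
interface Vlan2
 nameif outside
 ip address dhcp setroute
!
interface Vlan77
 nameif inside
 ip address 192.168.1.254 255.255.255.0
!
dhcpd address 192.168.1.100-192.168.1.150 inside
dhcpd enable inside
"""

def audit_inside(config, nameif="inside"):
    """Summarise switchports, subnet and DHCP server state for one nameif."""
    port_vlan, svi, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r"\s+switchport access vlan (\d+)", line):
            port_vlan[current] = m.group(1)
        elif m := re.match(r"\s+nameif (\S+)", line):
            svi.setdefault(current, {})["nameif"] = m.group(1)
        elif m := re.match(r"\s+ip address (\d\S*) (\d\S*)", line):
            svi.setdefault(current, {})["net"] = ipaddress.ip_interface(
                f"{m.group(1)}/{m.group(2)}").network
    name = next((n for n, v in svi.items() if v.get("nameif") == nameif), None)
    if name is None:
        return None  # no interface carries this nameif
    net, tag = svi[name].get("net"), re.escape(nameif)
    pool = re.search(rf"^dhcpd address (\S+)-(\S+) {tag}$", config, re.M)
    return {
        "ports": sorted(p for p, v in port_vlan.items()
                        if v == name.lower().removeprefix("vlan")),
        "network": None if net is None else str(net),
        "dhcp_enabled": bool(re.search(rf"^dhcpd enable {tag}$", config, re.M)),
        "pool_in_subnet": pool is not None and net is not None and all(
            ipaddress.ip_address(a) in net for a in pool.groups()),
    }
```

Calling `audit_inside(SAMPLE_CONFIG)` lists both Ethernet ports under the single inside VLAN; a config without `dhcpd enable inside` reports `dhcp_enabled` as false, which matches the symptom of inside hosts that never get an address or gateway.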
 