In this tutorial, I am going to show how you can set up the Cisco ASA to allow internet access for the LAN behind it. Our lab topology looks as follows:
Configure the untrusted (outside) and trusted (inside) interfaces as follows:
!
interface GigabitEthernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 172.16.1.3 255.255.255.248
!
interface GigabitEthernet0/2
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.224
!
Set up a network object named ANY to represent any traffic coming from the LAN interface of the firewall, which is named inside. The nat statement under the object translates that traffic dynamically to the address of the outside interface.
!
object network ANY
 nat (inside,outside) dynamic interface
!
Set up a default route pointing to the VRRP interface of the PE router:
route outside 0.0.0.0 0.0.0.0 172.16.1.1 1
Enable DHCP so that any device connected to the inside interface gets an IP address automatically:
dhcpd dns 18.104.22.168 22.214.171.124
!
dhcpd address 10.10.10.5-10.10.10.30 inside
dhcpd enable inside
!
dhcprelay timeout 60
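An offline sanity check of the addressing used above, as an added example (not part of the original tutorial and not a Cisco tool): it confirms that the default route's next hop is on the outside subnet and that the DHCP pool sits inside the usable hosts of the inside subnet without covering the ASA's own address. The helper names `parse_interfaces` and `audit` are hypothetical.

```python
import ipaddress
import re

# The tutorial's configuration, one command per line (speed, duplex and
# dhcpd dns lines left out because the checks do not read them).
ASA_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 172.16.1.3 255.255.255.248
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.224
route outside 0.0.0.0 0.0.0.0 172.16.1.1 1
dhcpd address 10.10.10.5-10.10.10.30 inside
"""

def parse_interfaces(config):
    """Map each nameif to its address/mask as an IPv4Interface."""
    found = {}
    for block in re.split(r"(?m)^interface .*$", config)[1:]:
        name = re.search(r"nameif (\S+)", block)
        addr = re.search(r"ip address (\S+) (\S+)", block)
        if name and addr:
            found[name.group(1)] = ipaddress.ip_interface("/".join(addr.groups()))
    return found

def audit(config):
    """Return a list of addressing problems; empty means the checks passed."""
    ifaces, problems = parse_interfaces(config), []
    # The default route's next hop must be on-link on the named interface.
    for ifname, hop in re.findall(r"(?m)^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config):
        net = ifaces[ifname].network
        if ipaddress.ip_address(hop) not in net:
            problems.append(f"next hop {hop} is not on {ifname} ({net})")
    # The DHCP pool must be usable hosts of the subnet, excluding the ASA itself.
    for lo, hi, ifname in re.findall(r"(?m)^dhcpd address ([\d.]+)-([\d.]+) (\S+)", config):
        iface, lo, hi = ifaces[ifname], ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        net = iface.network
        if not net.network_address < lo <= hi < net.broadcast_address:
            problems.append(f"pool {lo}-{hi} is outside the usable hosts of {net}")
        if lo <= iface.ip <= hi:
            problems.append(f"pool {lo}-{hi} contains the {ifname} address {iface.ip}")
    return problems

if __name__ == "__main__":
    print(audit(ASA_CONFIG) or "addressing checks passed")
```

With the tutorial's values the list is empty: 172.16.1.1 is inside 172.16.1.0/29, and 10.10.10.5-10.10.10.30 fits the usable range of 10.10.10.0/27 while leaving 10.10.10.1 to the firewall.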