Internet Access Firewall Cisco ASA

In this tutorial, I am going to show how you can setup the Cisco ASA to allow internet access to the LAN behind. Our lab topology would like as following:


Configure the Un-trusted and Trusted network as following:

 interface GigabitEthernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address
 interface GigabitEthernet0/2
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address

Setup an Object of type network named ANY to represent any traffic coming from the LAN interface of the firewall that is named as inside interface.

 object network ANY
 nat (inside,outside) dynamic interface

Setup a default route that should be pointing to the VRRP interface of the PE router:

route outside 1

Enable the DHCP for the any device connected to the inside interface to get an IP address automatically:

dhcpd dns
 dhcpd address inside
 dhcpd enable inside
 dhcprelay timeout 60

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s