Internet Access Firewall Cisco ASA

In this tutorial, I am going to show how you can set up the Cisco ASA to give the LAN behind it internet access. Our lab topology looks as follows:

[Figure: lab topology]

Configure the untrusted (outside) and trusted (inside) interfaces as follows:

!
interface GigabitEthernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 172.16.1.3 255.255.255.248
!
interface GigabitEthernet0/2
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.224
!

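Set up a network object named ANY to represent any traffic arriving on the firewall's LAN interface, which is named inside, and attach a dynamic PAT rule that translates it to the outside interface address. The object needs an address definition for the NAT rule to match traffic, so the subnet line is included here.

!
object network ANY
 ! match every source address behind the inside interface
 subnet 0.0.0.0 0.0.0.0
 nat (inside,outside) dynamic interface
!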

Set up a default route pointing to the VRRP interface of the PE router:

route outside 0.0.0.0 0.0.0.0 172.16.1.1 1

Enable DHCP so that any device connected to the inside interface gets an IP address automatically:

dhcpd dns 8.8.8.8 9.9.9.9
!
dhcpd address 10.10.10.5-10.10.10.30 inside
dhcpd enable inside
!
dhcprelay timeout 60
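
A consistency check over the addressing used in the steps above, as an added example that is not part of the original tutorial: it confirms that the default-route next hop sits on the outside subnet and that the DHCP pool fits the inside subnet without covering the ASA's own address. The function names and the trimmed SAMPLE_CONFIG are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the addressing lines from the tutorial's configuration.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 172.16.1.3 255.255.255.248
interface GigabitEthernet0/2
 nameif inside
 ip address 10.10.10.1 255.255.255.224
route outside 0.0.0.0 0.0.0.0 172.16.1.1 1
dhcpd address 10.10.10.5-10.10.10.30 inside
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"

def parse_interfaces(config):
    """Map each nameif to an IPv4Interface built from its 'ip address' line."""
    interfaces, name = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None                      # new stanza, nameif not seen yet
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif name and (m := re.match(rf"ip address {IP} {IP}", line)):
            interfaces[name] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
    return interfaces

def usable(addr, iface):
    """True if addr is a host address (not network/broadcast) on iface's subnet."""
    net = iface.network
    return addr in net and addr not in (net.network_address, net.broadcast_address)

def audit(config):
    """Return a list of addressing problems; an empty list means consistent."""
    ifaces, problems = parse_interfaces(config), []
    for m in re.finditer(rf"^\s*route (\S+) 0\.0\.0\.0 0\.0\.0\.0 {IP}", config, re.M):
        hop = ipaddress.ip_address(m[2])
        if m[1] not in ifaces or not usable(hop, ifaces[m[1]]):
            problems.append(f"default route next hop {hop} is not on {m[1]}")
    for m in re.finditer(rf"^\s*dhcpd address {IP}-{IP} (\S+)", config, re.M):
        lo, hi = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])
        iface = ifaces.get(m[3])
        if iface is None or lo > hi or not (usable(lo, iface) and usable(hi, iface)):
            problems.append(f"DHCP pool {lo}-{hi} does not fit subnet of {m[3]}")
        elif lo <= iface.ip <= hi:
            problems.append(f"DHCP pool {lo}-{hi} includes the ASA address {iface.ip}")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "addressing is consistent")
```

Run it against a saved copy of the running configuration before applying changes; an empty result means the route and pool agree with the interface subnets.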