ASA 5505 and Linksys wireless router
mikejensen83
Member Posts: 22 ■□□□□□□□□□
Hello,
I am new to ASAs/firewalls and I am trying to set up a Cisco 5505 with a Linksys wireless router on my home network.
I can configure the ASA to work great with just a computer attached with full internet access, but every time I try to incorporate my Linksys wireless router I am having no luck.
I don't know how the physical configuration should be. I have been trying with this:
Comcast modem > Cisco ASA > Linksys wireless router
Basically I can't get my Linksys wireless router to work with the ASA, even after disabling DHCP, NAT, and the firewall on it.
I'm also not sure how to physically connect the devices. Do I need to use a crossover cable? What physical interfaces do I connect them to? ASA to the Comcast modem, or put the Linksys router in front of the ASA?
My ultimate goal is to have wireless internet operating as well as the ASA at the perimeter of my network.
Any help would be greatly appreciated.
Thank you,
Mike
Comments
shodown Member Posts: 2,271
Here is mine. Yes security nerds I didn't upgrade to 8.3 cause I didn't want to buy the RAM.
ASA Version 8.2(5)
!
hostname company5505
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.77.0 SSLVPN-Network
name 192.168.2.0 Inside-Network-2
name 216.115.69.144 SIPPROVIDER
name 192.168.76.2 UC520
name HostedVoIP Hosted VOIP
name 10.2.120.0 description Voice Dev Network
name 64.90.182.55 NTPserver description NTP server
name x.x.x.x SFTPdescription SFTP server
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif Inside
security-level 100
ip address 192.168.76.1 255.255.255.0
!
interface Vlan2
nameif Outside
security-level 0
ip address dhcp setroute
!
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
object-group network SSLVPN-Network
object-group network inside-network
object-group network DM_INLINE_NETWORK_1
network-object Inside-Network-2 255.255.255.0
network-object 192.168.76.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network SIP
network-object host SIPPROVIDER
access-list Split-VPN-Tunnel standard permit 192.168.76.0 255.255.255.0
access-list Split-VPN-Tunnel standard permit Inside-Network-2 255.255.255.0
access-list Inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_1 SSLVPN-Network 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.77.8 255.255.255.248
access-list Outside_access_in extended permit object-group TCPUDP host SIPPROVIDER any eq sip
access-list Outside_access_in extended permit object-group TCPUDP host Hosted VOIP any eq sip
access-list Outside_access_in extended permit udp host NTPserver any eq ntp
access-list Outside_access_in extended permit tcp host SFTPVAheart any
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
ip local pool VPN-DHCP 192.168.77.10-192.168.77.15 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
global (Outside) 1 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 0.0.0.0 0.0.0.0
static (Inside,Outside) udp interface sip UC520 sip netmask 255.255.255.255
static (Inside,Outside) tcp interface sip UC520 sip netmask 255.255.255.255
access-group Outside_access_in in interface Outside
route Inside 192.168.1.0 255.255.255.0 UC520 1
route Inside Inside-Network-2 255.255.255.0 UC520 1
route Inside 192.168.25.0 255.255.255.0 UC520 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.76.0 255.255.255.0 Inside
http 192.168.1.0 255.255.255.0 Inside
http redirect Outside 80
no snmp-server location
no snmp-server contact
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside
crypto map Inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Inside_map interface Inside
crypto isakmp enable Inside
crypto isakmp enable Outside
crypto isakmp policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.76.0 255.255.255.0 Inside
ssh 192.168.1.0 255.255.255.0 Inside
ssh timeout 5
console timeout 0
dhcp-client client-id interface Outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 204.2.134.164 source Outside
ssl encryption aes128-sha1 3des-sha1 rc4-sha1
webvpn
enable Inside
enable Outside
svc image disk0:/anyconnect-win-3.1.02040-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy SSLVPN-GP internal
group-policy SSLVPN-GP attributes
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split-VPN-Tunnel
webvpn
svc ask none default svc
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split-VPN-Tunnel
group-policy remotevpn internal
group-policy remotevpn attributes
dns-server value 8.8.8.8 4.2.2.2
vpn-tunnel-protocol IPSec
username tbattlehunt password z39qHU56RFu.aE4n encrypted privilege 15
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
address-pool VPN-DHCP
default-group-policy SSLVPN-GP
tunnel-group SSLVPN webvpn-attributes
group-alias SSLVPN enable
group-url https://x.x.x.x/SSLVPN enable
tunnel-group company type remote-access
tunnel-group company general-attributes
address-pool VPN-DHCP
tunnel-group company ipsec-attributes
pre-shared-key *****
tunnel-group remotevpn type remote-access
tunnel-group remotevpn general-attributes
address-pool VPN-DHCP
default-group-policy remotevpn
tunnel-group remotevpn ipsec-attributes
pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
inspect icmp
Currently Reading
CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
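An added example, not part of shodown's post and not Cisco code: a small Python audit that reads the `crypto isakmp policy` blocks, the `set pfs` line and the `ssl encryption` line of a configuration like the one above and reports deprecated choices (DES/3DES, RC4, Diffie-Hellman groups 1 and 2). The function names are hypothetical and the sample is trimmed from the posted configuration.

```python
import re
# Lines trimmed from the configuration posted above (sub-commands unindented, as on the page).
SAMPLE = """\
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto isakmp policy 30
encryption aes-256
group 2
crypto isakmp policy 150
encryption des
group 2
ssl encryption aes128-sha1 3des-sha1 rc4-sha1
"""

WEAK_CIPHERS = {"des", "3des"}   # DES (56-bit key) and 3DES (64-bit block)
WEAK_DH = {"1", "2"}             # 768-bit and 1024-bit MODP groups
POLICY_KEYS = {"authentication", "encryption", "hash", "group", "lifetime"}

def parse_isakmp_policies(text):
    """Return {priority: {setting: value}} for each 'crypto isakmp policy N' block."""
    policies, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        words = line.split()
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and len(words) == 2 and words[0] in POLICY_KEYS:
            current[words[0]] = words[1]
        else:
            current = None  # any other command ends the policy block
    return policies

def audit(text):
    """Return findings for deprecated IKE, PFS and SSL settings (hypothetical helper)."""
    findings = []
    for prio, p in parse_isakmp_policies(text).items():
        if p.get("encryption") in WEAK_CIPHERS:
            findings.append(f"isakmp policy {prio}: weak cipher {p['encryption']}")
        if p.get("group") in WEAK_DH:
            findings.append(f"isakmp policy {prio}: weak DH group {p['group']}")
    for line in (l.strip() for l in text.splitlines()):
        m = re.search(r"set pfs group(\d+)", line)
        if m and m.group(1) in WEAK_DH:
            findings.append(f"dynamic-map PFS: weak DH group {m.group(1)}")
        if line.startswith("ssl encryption"):
            findings += [f"ssl encryption offers {s}" for s in line.split()[2:]
                         if s.startswith(("rc4", "des", "3des"))]
    return findings

print("\n".join(audit(SAMPLE)))
```

Run against the full `sh run` output, every policy from 100 to 150 is reported for its cipher, and all fifteen for `group 2`.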
SecurityThroughObscurity Member Posts: 212 ■■■□□□□□□□
Internet - ASA - Linksys.
Give us sh run.
What model is the Linksys?