ASA 5505 and Linksys wireless router

mikejensen83mikejensen83 Member Posts: 22 ■□□□□□□□□□
Hello,

I am new to ASA's/Firewalls and I am trying to setup a Cisco 5505 with a Linksys wireless router on my home network.

I can configure the ASA to work great with just a computer attached with full internet access, but every time I try to incorporate my Linksys wireless router I am having no luck.

I don't know how the physical configuration should be. I have been trying with this:

Comcast modem>Cisco ASA > Linksys wireless router

Basically I can't get my Linksys wireless router to work with the ASA, even after disabling DHCP, NAT, and the firewall on it.

I'm also not sure how to physically connect the devices. Do I need to use a crossover cable? What physical interfaces do I connect them to? ASA to the comcast mode, or put the Linksys router in front of the ASA.

My ultimate goal is to have wireless internet operating as well as the ASA at the perimeter of my network.

Any help would be greatly appreciated.

Thank you,

Mike

Comments

  • shodownshodown Member Posts: 2,271
    Here is mine. Yes security nerds I didn't upgrade to 8.3 cause I didn't want to buy the RAM.

    ASA Version 8.2(5)
    !
    hostname company5505
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 192.168.77.0 SSLVPN-Network
    name 192.168.2.0 Inside-Network-2
    name 216.115.69.144 SIPPROVIDER
    name 192.168.76.2 UC520
    name HostedVoIP Hosted VOIP
    name 10.2.120.0 description Voice Dev Network
    name 64.90.182.55 NTPserver description NTP server
    name x.x.x.x SFTPdescription SFTP server
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    shutdown
    !
    interface Ethernet0/4
    shutdown
    !
    interface Ethernet0/5
    shutdown
    !
    interface Ethernet0/6
    shutdown
    !
    interface Ethernet0/7
    shutdown
    !
    interface Vlan1
    nameif Inside
    security-level 100
    ip address 192.168.76.1 255.255.255.0
    !
    interface Vlan2
    nameif Outside
    security-level 0
    ip address dhcp setroute
    !
    boot system disk0:/asa825-k8.bin
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    object-group network SSLVPN-Network
    object-group network inside-network
    object-group network DM_INLINE_NETWORK_1
    network-object Inside-Network-2 255.255.255.0
    network-object 192.168.76.0 255.255.255.0
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network SIP
    network-object host SIPPROVIDER
    access-list Split-VPN-Tunnel standard permit 192.168.76.0 255.255.255.0
    access-list Split-VPN-Tunnel standard permit Inside-Network-2 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_1 SSLVPN-Network 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip any 192.168.77.8 255.255.255.248
    access-list Outside_access_in extended permit object-group TCPUDP host SIPPROVIDER any eq sip
    access-list Outside_access_in extended permit object-group TCPUDP host Hosted VOIP any eq sip
    access-list Outside_access_in extended permit udp host NTPserver any eq ntp
    access-list Outside_access_in extended permit tcp host SFTPVAheart any
    pager lines 24
    logging enable
    logging asdm informational
    mtu Inside 1500
    mtu Outside 1500
    ip local pool VPN-DHCP 192.168.77.10-192.168.77.15 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-712.bin
    no asdm history enable
    arp timeout 14400
    global (Outside) 1 interface
    nat (Inside) 0 access-list Inside_nat0_outbound
    nat (Inside) 1 0.0.0.0 0.0.0.0
    static (Inside,Outside) udp interface sip UC520 sip netmask 255.255.255.255
    static (Inside,Outside) tcp interface sip UC520 sip netmask 255.255.255.255
    access-group Outside_access_in in interface Outside
    route Inside 192.168.1.0 255.255.255.0 UC520 1
    route Inside Inside-Network-2 255.255.255.0 UC520 1
    route Inside 192.168.25.0 255.255.255.0 UC520 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication http console LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.76.0 255.255.255.0 Inside
    http 192.168.1.0 255.255.255.0 Inside
    http redirect Outside 80
    no snmp-server location
    no snmp-server contact
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA
    crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map Outside_map interface Outside
    crypto map Inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map Inside_map interface Inside
    crypto isakmp enable Inside
    crypto isakmp enable Outside
    crypto isakmp policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 192.168.76.0 255.255.255.0 Inside
    ssh 192.168.1.0 255.255.255.0 Inside
    ssh timeout 5
    console timeout 0
    dhcp-client client-id interface Outside


    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 204.2.134.164 source Outside
    ssl encryption aes128-sha1 3des-sha1 rc4-sha1
    webvpn
    enable Inside
    enable Outside
    svc image disk0:/anyconnect-win-3.1.02040-k9.pkg 1
    svc enable
    tunnel-group-list enable
    group-policy SSLVPN-GP internal
    group-policy SSLVPN-GP attributes
    vpn-tunnel-protocol svc webvpn
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split-VPN-Tunnel
    webvpn
    svc ask none default svc
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split-VPN-Tunnel
    group-policy remotevpn internal
    group-policy remotevpn attributes
    dns-server value 8.8.8.8 4.2.2.2
    vpn-tunnel-protocol IPSec
    username tbattlehunt password z39qHU56RFu.aE4n encrypted privilege 15
    tunnel-group SSLVPN type remote-access
    tunnel-group SSLVPN general-attributes
    address-pool VPN-DHCP
    default-group-policy SSLVPN-GP
    tunnel-group SSLVPN webvpn-attributes
    group-alias SSLVPN enable
    group-url https://x.x.x.x/SSLVPN enable
    tunnel-group company type remote-access
    tunnel-group company general-attributes
    address-pool VPN-DHCP
    tunnel-group company ipsec-attributes
    pre-shared-key *****
    tunnel-group remotevpn type remote-access
    tunnel-group remotevpn general-attributes
    address-pool VPN-DHCP
    default-group-policy remotevpn
    tunnel-group remotevpn ipsec-attributes
    pre-shared-key *****
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum client auto
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect xdmcp
    inspect icmp
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
  • SecurityThroughObscuritySecurityThroughObscurity Member Posts: 212 ■■■□□□□□□□
    Internet - ASA - Linksys.
    give us sh run
    what model is linksys?
Sign In or Register to comment.