+ Reply to Thread
Results 1 to 5 of 5
  1. Junior Member
    Join Date
    Nov 2012
    Location
    Oak Lawn Il
    Posts
    10
    #1

    Default Basic ASA question

    I've just obtained a Cisco ASA 5505 device from my company (they want me to learn this device). I've setup basic configuration (NAT, VLANS etc), and it worked fine when outside port was connected to the router. When I connected it straight to the modem, it didn't even obtain an IP address from modem DHCP service. It is some kind of home Netgear DSL modem.

    The main question is if ASA needs an router between it and modem, or I just did something wrong.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    May 2013
    Posts
    1,255

    Certifications
    CISSP, GWAPT, GSEC, C|EH, CCNA:Security, CCNA:R&S, CCENT, Security+, Network+
    #2
    No it can be either. In my lab I have my asa behind a router so my wireless network is not impacted though.
    Reply With Quote Quote  

  4. Member awitt11's Avatar
    Join Date
    Aug 2010
    Location
    Missouri
    Posts
    38

    Certifications
    ITIL v3, CCENT
    #3
    In my experience, the DSL/Cable modem will get an IP from your provider and then serve up a private IP to your inside network (often 192.168.1.0/24). Can you set a static on the ASA in this range? Was the ASA acting as DHCP client in your test lab with the router acting as DHCP server?
    Reply With Quote Quote  

  5. Member JoeBirds's Avatar
    Join Date
    Feb 2013
    Posts
    49

    Certifications
    CCNA, CCNA-V, CCNA-S, CCENT, CMNA
    #4
    Try this on your ASA when connecting straight into the modem:

    (config-if)# ip address dhcp

    This will configure your ASA to act as a DHCP client. If this doesn't work, it may be due to necessary pppoe configuration to authenticate your ASA to your ISP. Something like this:

    interface Vlan2
    nameif outside
    security-level 0
    pppoe client vpdn group pppoegroup
    ip address dhcp setroute

    A lot of times the modem performs this step, but it may be needed on your ASA before it can pass traffic. Let me know if this works!
    Reply With Quote Quote  

  6. Member AD227529's Avatar
    Join Date
    Oct 2008
    Location
    Kentucky
    Posts
    82

    Certifications
    CCNA: Security, CCNA, A+, Network+, Security+
    #5
    Is the Netgear a modem or a router? If it's a router, you will need to put it in "bridge mode". You can't have two DHCP servers or you will have a DHCP conflict and none of the hosts on your LAN will get an IP address. I learned this lesson the hard way on the job! This will turn off DHCP on the Netgear and let the ASA act as the DHCP server, assuming that you have DHCP enabled on the ASA. I think you can then set the outside IP address of the ASA to "DHCP" and it should pick up an IP address from the ISP, or if you have a static IP address from your ISP, you can use that instead. Enable NAT on the ASA and you should be good to go!
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks