DEV Community

Shakhzhakhan Maxudbek

Posted on • Edited on • Originally published at args.tech

Configuring network access with Cisco ASA via minicom utility

Configuring a Cisco ASA 5500-series as a network gateway to share internet access with users on the local area network (LAN), with DHCP and DNS.

Cisco devices have three modes in the command-line interface:

  • The first mode, entered when you connect to the device, is unprivileged mode. It allows only monitoring; you can't modify the running configuration.
  • The second mode, privileged mode, allows changing the device's running configuration. It is activated by the enable command in the CLI and entering the password (if configured).
  • The third mode is Global Configuration mode. Here you can configure the entire device and its network interfaces, create and change users and passwords, etc.

Enter configure terminal mode:

cisco> enable
cisco# configure terminal
cisco(config)#

Configure the outside interface, GigabitEthernet 0/0. It must be connected to the internet provider's side. Set the IP address and network mask:

interface GigabitEthernet 0/0
    description "Outside interface to ISP router from internet provider"
    nameif outside
    security-level 0
    ip address X.X.X.X 255.255.255.252

You should receive the IP address, gateway and subnet mask from your internet provider.

The second interface, inside, is GigabitEthernet 0/1. This interface faces your local area network (LAN):

interface GigabitEthernet 0/1
    description "Inside interface to LAN network"
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0

Here the ip address instruction sets the gateway address for the subnet. The subnet may be within 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16. See reserved IP addresses for help.

Set DNS for your LAN clients. In this example I used Google's DNS servers, but you may use other public DNS nameservers:

dns domain-lookup outside
dns server-group DefaultDNS
    name-server 8.8.8.8
    name-server 8.8.4.4

This step requires setting up a route from the local area network to the internet through the provider's gateway. Set the traffic route:

route outside 0.0.0.0 0.0.0.0 X.X.X.X

Try pinging any host on the internet from your LAN network and see the result:

ciscoasa(config)# ping google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.194.73.113, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/86/90 ms

Create a new object for the new subnet:

object network LAN_NETWORK
    subnet 192.168.1.0 255.255.255.0

Set up NAT:

nat (inside,outside) after-auto source dynamic any interface

Allow ping from the local network to the WAN:

policy-map global_policy
    class inspection_default
        inspect icmp

Set up DHCP:

dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd dns 8.8.8.8 8.8.4.4
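
A consistency check for the values configured in the steps above, as an added Python example (not part of the original article and not a Cisco tool). The sample config is constructed: the X.X.X.X placeholders are replaced with documentation-range addresses, interfaces are assumed to be statically addressed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the page's config, X.X.X.X replaced by documentation addresses.
SAMPLE_CONFIG = """\
interface GigabitEthernet 0/0
    nameif outside
    security-level 0
    ip address 203.0.113.1 255.255.255.252
interface GigabitEthernet 0/1
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.2
dhcpd address 192.168.1.2-192.168.1.254 inside
"""

def parse(config):
    """Collect interfaces (by nameif), the default gateway and the DHCP pool."""
    ifaces, gateway, pool, name = {}, None, None, None
    for words in map(str.split, config.splitlines()):
        if words[:1] == ["nameif"]:
            name = words[1]
            ifaces[name] = {}
        elif words[:1] == ["security-level"] and name:
            ifaces[name]["level"] = int(words[1])
        elif words[:2] == ["ip", "address"] and name and len(words) >= 4:
            ifaces[name]["ip"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif words[:4] == ["route", "outside", "0.0.0.0", "0.0.0.0"]:
            gateway = ipaddress.ip_address(words[4])
        elif words[:2] == ["dhcpd", "address"] and words[-1] == "inside":
            pool = [ipaddress.ip_address(a) for a in words[2].split("-")]
    return ifaces, gateway, pool

def audit(config):
    """Return a list of consistency problems; an empty list means none found."""
    ifaces, gateway, pool = parse(config)
    inside, outside, problems = ifaces.get("inside", {}), ifaces.get("outside", {}), []
    if outside.get("level", 0) >= inside.get("level", 0):
        problems.append("outside security-level is not lower than inside")
    if gateway is None:
        problems.append("no default route via outside")
    elif "ip" in outside and gateway not in outside["ip"].network:
        problems.append("default gateway is not on the outside subnet")
    if pool and "ip" in inside:
        net, own = inside["ip"].network, inside["ip"].ip
        if not all(net.network_address < a < net.broadcast_address for a in pool):
            problems.append("DHCP pool is not within the usable inside subnet")
        if pool[0] <= own <= pool[1]:
            problems.append("DHCP pool contains the inside interface address")
    return problems
```

Calling audit() on the text you are about to paste into the ASA flags a pool that overlaps the gateway address or a next hop that is not reachable from the outside interface.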