Configuring network access with Cisco ASA via minicom utility

Configuring Cisco ASA 5500-series as network gateway and share internet access to users through local area network (LAN) with DHCP and DNS.

CIsco devices have three mode in command line interface:

• First mode after you connected to device is unprivileged mode. This mode allows only monitoring and you can't modify running configurations.
• Second mode - privileged, allows change device's running configurations. This mode activate after enable command in CLI and entering password (if configured).
• Third mode is Global Configuration mode. Here you may configure entire device's configurations and network interfaces, create and change users, passwords, etc...

Enter in configure terminal mode:

cisco> enable cisco# configure terminal cisco(config)# 

Configure outside interface - GigabitEthernet 0/0. It must be connected to internet provider's side. Set IP address and network mask:

interface GigabitEthernet 0/0 description "Outside interface to ISP router from internet provider" nameif outside security-level 0 ip address X.X.X.X 255.255.255.252 

You should receive IP address, gateway and subnet mask from your internet provider.

Second interface - inside - GigabitEthernet 0/1. This interface looks in your local area network (LAN):

interface GigabitEthernet 0/1 description "Inside interface to LAN network" nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 

Here ip address instruction means - you should set gateway for subnet. Subnet may be 10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16. See reserved IP addresses for help.

Set DNS for your LAN clients. In this example I used Google's DNS servers. But you may use other public DNS nameservers:

dns domain-lookup outside dns server-group DefaultDNS name-server 8.8.8.8 name-server 8.8.4.4 

This step require setup route from local area network in internet through provider's gateway. Set traffic route:

route outside 0.0.0.0 0.0.0.0 X.X.X.X 

Try ping any source from your LAN network in inernet and see result:

ciscoasa(config)# ping google.com Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 173.194.73.113, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 80/86/90 ms 

Create new object for new subnet:

object network LAN_NETWORK subnet 192.168.1.0 255.255.255.0 

Setup NAT:

nat (inside,outside) after-auto source dynamic any interface 

Allow ping from local network to WAN:

policy-map global_policy class inspection_default inspect icmp 

Setup DHCP:

dhcpd address 192.168.1.2-192.168.1.254 inside dhcpd lease 3600 dhcpd ping_timeout 50 dhcpd enable inside dhcpd dns 8.8.8.8 8.8.4.4