https://www.reddit.com/r/networking/comments/bbaqto/need_a_working_model/
I started with this, and things happened and I never got back to it.
I have a 5520 ASA, and I need to set the outside interface up as DDNS.
I have reviewed the documentation here: https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/dhcp.html#wp1091527
And though those settings are not the problem, I have an issue with:
ping 8.8.8.8
no route to host 8.8.8.8
I'm about ready to chunk this thing out the window :)
Doing an ASA on a stick here, with a switch on the other end, trunked through L2 interfaces (which I have working, apparently).
!
hostname domain
domain-name domain.net
names
ddns update method ddns-2
 ddns both
!
!
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/0.86
 vlan 86
 nameif outside
 security-level 0
 ddns update hostname ser.ver.com
 ddns update ddns-2
 ip address dhcp setroute
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1.10
 vlan 10
 nameif Base
 security-level 0
 ip address 172.20.10.250 255.255.255.0
!
interface GigabitEthernet0/1.15
 vlan 15
 nameif Extra
 security-level 0
 ip address 172.20.15.250 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif ManagementStuff
 security-level 0
 ip address 172.20.20.250 255.255.255.0
!
interface GigabitEthernet0/2
 description future-use
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 description guest-wireless-future
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa917-32-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name domain.net
no pager
logging asdm informational
mtu outside 1500
mtu LOCAL 1500
mtu MGMT 1500
mtu Printer 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-781-150.bin
asdm history enable
arp timeout 14400
no arp permit-nonconnected
route outside 0.0.0.0 0.0.0.0 0.0.0.0 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 management
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group14-sha1
console timeout 0
management-access management
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
: end