Saturday, June 1, 2019

DDNS + ASA Outside

https://www.reddit.com/r/networking/comments/bbaqto/need_a_working_model/

I started with this, and things happened and I never got back to it.

I have a 5520 ASA, and I need to set the outside interface up as DDNS

I have reviewed the documentation here: https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/dhcp.html#wp1091527

And though those settings are not the problem, I have an issue with :

ping 8.8.8.8

no route to host 8.8.8.8

I'm about ready to chunk this thing out the window :)

Doing an ASA on a stick here, with a switch on the other end, trunked through L2 interfaces (which I have working, apparently).

!

hostname domain

domain-name domain.net

names

ddns update method ddns-2

ddns both

!

!

interface GigabitEthernet0/0

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/0.86

vlan 86

nameif outside

security-level 0

ddns update hostname ser.ver.com

ddns update ddns-2

ip address dhcp setroute

!

interface GigabitEthernet0/1

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/1.10

vlan 10

nameif Base

security-level 0

ip address 172.20.10.250 255.255.255.0

!

interface GigabitEthernet0/1.15

vlan 15

nameif Extra

security-level 0

ip address 172.20.15.250 255.255.255.0

!

interface GigabitEthernet0/1.20

vlan 20

nameif ManagementStuff

security-level 0

ip address 172.20.20.250 255.255.255.0

!

interface GigabitEthernet0/2

description future-use

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/3

description guest-wireless-future

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

management-only

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

!

boot system disk0:/asa917-32-k8.bin

ftp mode passive

dns server-group DefaultDNS

domain-name domain.net

no pager

logging asdm informational

mtu outside 1500

mtu LOCAL 1500

mtu MGMT 1500

mtu Printer 1500

mtu management 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-781-150.bin

asdm history enable

arp timeout 14400

no arp permit-nonconnected

route outside 0.0.0.0 0.0.0.0 0.0.0.0 1

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

aaa authentication enable console LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

no snmp-server location

no snmp-server contact

crypto ipsec security-association pmtu-aging infinite

crypto ca trustpool policy

telnet timeout 5

no ssh stricthostkeycheck

ssh 192.168.1.0 255.255.255.0 management

ssh timeout 60

ssh version 2

ssh key-exchange group dh-group14-sha1

console timeout 0

management-access management

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

: end



No comments:

Post a Comment