Each sub-interface of the ASA will act as the default gateway for its corresponding internal LAN subnet. Thus, we need to configure sub-interfaces on a physical interface of the ASA which will be connected to a trunk port of the internal switch. Also, the ASA will act as DHCP server for each internal LAN, assigning the required IP addresses for each LAN subnet using a different DHCP scope for each one.Īlso, we will use a single physical interface of the ASA to accommodate the three internal network security zones (“inside1”, “inside2”, “inside3”). The ASA firewall will provide internet access to all internal LANs. The three internal LANs will be connected on the same switch and separated in Layer2 level with three VLANs on the switch. Intercompany Media Engine : Disabled perpetualĬonfiguration last modified by at 09:43:14.We want to separate the three internal LANs using an ASA firewall (either ASA5500 or the new ASA5500-X models will work fine). Maximum Physical Interfaces : 8 perpetualĪn圜onnect Essentials : Disabled perpetualĪn圜onnect for Mobile : Disabled perpetualĪn圜onnect for Cisco VPN Phone : Disabled perpetualĪdvanced Endpoint Assessment : Disabled perpetualīotnet Traffic Filter : Disabled perpetual SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.06 Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,Įncryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0) System image file is "disk0:/asa924-k8.bin"
#Dhcp on asa asdm software#
Here you go! Cisco Adaptive Security Appliance Software Version 9.2(4)Ĭompiled on Tue 14-Jul-15 22:19 by builders Policy-map type inspect dns preset_dns_map
No threat-detection statistics tcp-intercept
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absoluteĭynamic-access-policy-record DfltAccessPolicyĬrypto ipsec security-association pmtu-aging infiniteĭhcpd address 192.168.49.15-192.168.49.254 inside
Icmp unreachable rate-limit 1 burst-size 1Īccess-group outside_access_in in interface outside Xlate per-session deny udp any6 any6 eq domainĪccess-list outside_access_in extended permit icmp any anyĪccess-list outside_access_in extended deny ip any any Xlate per-session deny udp any6 any4 eq domain Xlate per-session deny udp any4 any6 eq domain Xlate per-session deny udp any4 any4 eq domain : Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz What am I missing? Thanks!ĮDIT: if i reboot the ASA, everything works again.for a while. I'm not doing anything funky on either the ASA or AP - both are just factory configs. When it doesn't work I can't get to the Internet, ASDM or ssh to the ASA, but still connected to the AP. A Ubiquiti AP (which gets its IP via DHCP) with a software controller, and clients that connect to the AP and get a DHCP address from the ASA. I have a Cisco ASA 5505 running 9.2, base license, serving DHCP.