I need helping!!! configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

Similar Messages

• Dear All, I'm using Cisco ASA 5505 Firewall and I want the email alert from my Firewall if the CPU increase more than 70 %. Is it possible, Please help me. Thanks Vijay

  Dear All,
                       I'm using Cisco ASA 5505 Firewall and I want the email alert from my Firewall if the CPU increase more than 70 %. Is it possible, Please help me.
  Thanks
  Vijay

  Hi Vijay,
  If can be done but you need any network management software. I personally dont think you can ask your ask to send mails. ASA can trigger alert to a SNMP configured server which will intern send mail to you 
  HTH,

• What ports need to be open to control Lion Server from a remote location (through Server.app)?

  I need to control a Lion Server from a remote location and need to poke some holes in the firewall, unfortunately, I have no idea what ports those need to be. I can control the Server via the Server Admin application, but it will simply not connect via the Server.app.
  Suggestions?
  Thanks in advance.
  Marius

  Try in the Lion Server Forum?
  Regards,
  Colin R.

• Needed help in Installing Solaris 10 on sparc box from windows remotely

  Hi All,
  I have few Sun Ultra Sparc boxes. I m accessing them only through putty session(serail port) from my windows system.
  Now there is a need for me to install Solaris 10 in the sparc box. But the sparc box doesn't have any DVD drive. I have an external DVD drive.
  Can somebody help me out to install Solaris on the sparc box with the components I have.
  1) Windows system with putty
  2) External DVD drive
  3) Sun sparc box.
  Thanks for your help,
  T.R.Santhosh

  If you run into a problem that causes the machine not to boot, you can't interact with it via putty. You'd need a physical connection, usually either the keyboard and screen or a serial connection. I would always plan to be able to do so during an upgrade.
  If you have sufficient disk space, the easiest thing to do would be to copy over the DVD iso, then mount it up with lofi, and do a live upgrade.
  Windows doesn't read rockridge format disks. I would worry that having the windows machine read the ISO filesystem and send the files over would cause name issues. That's why getting the full ISO and mounting it locally on the Sparc is best. Fortunately, it doesn't require a physical drive.
  Darren

• Need help setting up an Oracle BPA Local Server

  I would like to make my computer the server and enable other users to connect to my Oracle BPA database. Is there an easy way to setup my computer? I tried having another user add my IP address as the server location using the "Add Server" option in the menu but that did not work. Do I need to change any settings?
  Thanks!
  Edited by: user10990394 on Apr 21, 2009 1:35 PM

  Hi,
  The Business erver / Repository Server is not the part of Oracle BPA offering as of now
  Oracle calls Business Server as Repository Server. And its different product and need a different licenses
  And the bad news is it isnt avaliable any where else for download.
  the products in Oracle BPA package are originally part of IDS Scheer's ARIS product range.
  And IDS does not gives any evaluation copies (atleast in india), thanks to Oracle that they have made BPA suite avaliable for evaluation.
  So if you wish to experiment with Repository Server you have two ways either buy it from IDS or wait for Oracle to offer the evaluation version, i wont suggest buying something that you havnt tried :)
  Gaurav Sharma :)

• How can I access my Airport Time Capsule from a remote location?

  I have my 2 TB Airport Time Capsule connected to my home wireless network and I have heard it is possible to access my information stored on it from anywhere, but I have no clue how to do this.

  Frankly, this is not easy, and not for the faint of heart.  Having someone to help who has done this will save you a ton of time and headaches.
  Set up and use Back to My Mac - Apple Support
  Before you do anything though, Back to My Mac assumes that you have a simple modem......not a modem/router that is often provided by Internet Service Providers to their customers.  A modem/router.....also called a gateway.....will not allow Back to My Mac to work correctly, so if you do have a modem/router or gateway device, you will need to speak to your service provider to find out if they can provide you with a simple modem.
  A simple modem will look something like this:
  A modem/router or gateway will look something like this:
  Having said this, personally I use another method called Port Mapping to allow my Mac...or an iPhone or iPad connect back to the Time Capsule at home when I am traveling.  But, this is even more complicated than Back to My Mac, so BTMM would be the place to start for most users.
  If things look intimidating on first pass and you can locate a good tech to set things up for you, that would be money well spent.

• I need help in resolving a problem that prevents me from accessing the iTunes store.  Message reads " iTunes cannot contact the iTunes store" and also says that my laptop is no longer authorized to access my account.  Help!

  I need help in resolving a problem that prevents me from accessing the iTunes store.  Message reads " iTunes cannot contact the iTunes store" and also says that my laptop is no longer authorized to access my account.  Help!

  Go up to the top of your screen on iTunes and click on 'Store'.  Then go down to 'Authorize This Computer'.  That should cover part of it unless you've already authorized a bunch of other computers to use your account.  If that's the case, you'll have to go to one of those computers and click the button just below it to 'deauthorize your account' from that computer.  If you're not able to access the store, check your internet connection to make sure you are connected.  Hope this helps.. good luck!     

• I need help trying to access my spotlight messages.

  I need help trying to access my spotlight messages.  I type in the persons name and only one text comes up but when I type in words in the text other ones come up.  So what I need to do is get all those text messages if its possible.

  I know the texts are there, but like I said it depends on the spotlight search but I want them all in one.

• Need Help to create access-list based on traffic logs

  Hello,
  We didn't have any Firewall in our network, we recently implemented  Cisco ASA (Context) firewall in our network with any  any permit rule .
  Our intension is to collect the source, destination, protocol & ports based on the traffic logs and then implement the access-lists , once we confirmed all the rule will added to the firewall we want remove any any permit rule .
  I need some suggestion regarding this how we can proceed on this plan, any suggestions appreciated
  Rajkumar

  Hi Rajkumar,
  That is not the ideal way of doing... this will lead to a provisioning an unauthorized person to access for something he is not authorized to.
  How many users do you have in your network? Try to categorize users based on their present authorization level of access.... say Team A users need to access everything... then you need to group them and provide full access..... Team B users need to be provided with only restricted access.... then group them and provide restricted access....
  If your case is something like this.... all users need unrestricted intranet access and certain users alone requires internet acceess... then you can define rules accordingly....
  Regards
  Karthik
  Regards
  Karthik

• Cisco ASA 5505 Configurations. Help... Beyond Frustrated

  Hello All,
  I'm fairly new to Cisco products and Network management in general. At my place of employment, I was hired as an IT Tech- Repair and Building computers, most aspects of Physical networking, and software refresh/upgrades as well as solving compatibility issues among a plethora of other things. I've configured APs, a couple Catalyst switches, a router or two, and that is about the breadth of my Cisco knowledge. I was kind of thrown into a project which is to update the current inventory of computers which all run Windows XP Professional. We are making a capital purchase of 20 Laptops and 40 Desktops all of which will run Windows 7. This means the outdated PIX they were using is now useless. I purchased a Cisco ASA 5505 (Version 8.2(1)) because it is compatible with Windows XP and Windows 7. I have spent several days and sleepless nights trying to figure out how to configure this thing. I was hoping to use SSL for the VPN. I did some basic configurations just to get started but like I said, I have no real experience with Adaptive Security Appliances and I am so frustrated right now. I tried using the Wizard to no avail. I did a write erase using CLI and tried to configure that way but I'm doing something wrong as far as I can tell. The configurations were mostly pulled from here, the Cisco Community, and a couple other web sites.
  I’m connecting the ASA 5505 to a cable modem (gateway 24.39.245.33) and to our Netvanta for VPN purposes. Here are the commands/what I have configured so far:
  hostname AMDASA
  domain-name asa.(mydomain).com
  enable password (encrypted)
  passwd (encrypted)
  interface Ethernet0/0
  description TWCoutside
  switchport access vlan 2
  no shutdown
  write mem
  exit
  interface Ethernet0/1
  description Port1inside
  switchport access vlan 1
  no shutdown
  write mem
  exit
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.0.250 255.255.255.0
  write mem
  exit
  interface Vlan2
  nameif outside
  security-level 0
  ip address 24.39.245.36 255.255.255.240
  write mem
  exit
  object-group icmp-type DefaultICMP
  description Default ICMP Types permitted
  icmp-object echo-reply
  icmp-object unreachable
  icmp-object time-exceeded
  write mem
  exit
  ftp mode passive
  write mem
  clock timezone EST -5
  clock summer-time EDT recurring
  write mem
  exit
  dns server-group DefaultDNS
  domain-name asa.adcmotors.com
  write mem
  exit
  access-list acl_outside extended permit icmp any any object-group DefaultICMP
  access-group acl_outside in interface outside
  access-list acl_inside extended permit icmp any any object-group DefaultICMP
  access-group acl_inside in interface inside
  write mem
  exit
  write mem
  That is the extent of the configurations I made via CLI. I don't know how to set the DNS lookup from a static port and I have no idea what else I'm supposed to do after the above configurations I have done. Is there a place to actually obtain ALL of the configurations needed to VPN in? Is there an easier way to make this thing work? I've seriously grown a patch of gray hair because of this device. Please help me if you can!!!!!!

  Hi our desperate friend .
  First I would suggest to use the Cisco VPN client instead of SSL VPN (AnyConnect). The configuration is a bit simpler and for the SSL VPN you would need to install the client on the ASA and purchase additional license if you plan to have more than 2 clients. The VPN Client usually comes with the ASA. If you dont have it or dont have access to download it from cisco.com go to the person from which you purchased your ASA and ask him how to get it.
  That said, I also think that your ASA lacks of some basic configuration as of now.  If you are planning to use this in replacement for your current PIX. You would need to configure a default route and some basic NAT:
  route outside 0.0.0.0 0.0.0.0 24.39.245.33
  global (outside) 1 interface
  nat (inside) 1 192.168.0.0  255.255.255.0
  Now regarding the VPN Client configuration you would need to something like this:
  Create an isakmp policy:
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha    
  group 2
  lifetime 86400
  Create a couple of ACLs that we will use later:
  access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0
  access-list split_tun standard permit 192.168.0.0 255.255.255.0
  Create a Pool for the VPN Clients to use:
  ip local pool TestPool 192.168.100.1-192.168.100.20 mask 255.255.255.0
  Create a Group Policy:
  group-policy TEST internal
  group-policy TEST attributes
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value split_tun
  Create a group:
  tunnel-group TEST type ipsec-ra
  tunnel-group TEST general-attributes
  address-pool TestPool
  authentication-server-group ABTVPN
  default-group-policy TEST
  tunnel-group TEST ipsec-attributes
  pre-shared-key cisco123
  Create crypto map and do a NAT 0:
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map Outside_dyn_map 10 set transform-set ESP-3DES-SHA
  crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
  crypto map Outside_map interface outside
  nat (inside) 0 access-l nonat
  Finally create a user that you will use to connect:
  username test password test123
  Then you would need to configure your VPN Client to connect with the ASA.
  Here is a config Example of VPN clients to the ASA. It uses an external server for the authentication but just skip those parts. For the initial config you might want to keep the authentication local.
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml
  I hope this helps. Feel free to ask if you have any questions. Also it would very usefull if you could upload the current config (show run) of the ASA in case you need to ask something else.
  Have fun.
  Raga

• Cisco asa 5505 with Router 881w Configuration Help

  Hello all,
  I'm having trouble setting up a second vlan to route to the internet. I have a Cisco ASA 5505 connected to my ISP(OUTSIDE) and a Cisco 881w (INSIDE) router in the back of my firewall. My vlan 10 with the network 192.168.5.1 255.255.255.0 works with pat, however vlan 15 that is on my 881w router does not route to the internet at all. I can only ping from 192.168.15.15 network to 192.168.5.1 I would like some advice on how can I make this set up work. Attached with this discussion is a picture of my topology.
  Thanks in advance.
  here are the show runs:
  Cisco ASA 5505 show run:
  ASA Version 8.3(1)
  names
  interface Vlan1
   no nameif
   no security-level
   no ip address
  interface Vlan5
   mac-address xxxx.xxxx.xxxx
   nameif OUTSIDE
   security-level 0
   ip address dhcp setroute
  interface Vlan10
   nameif INSIDE
   security-level 100
   ip address 192.168.5.1 255.255.255.0
  interface Ethernet0/0
   switchport access vlan 5
  interface Ethernet0/1
   switchport access vlan 10
  interface Ethernet0/2
  interface Ethernet0/3
   shutdown
  interface Ethernet0/4
   shutdown
  interface Ethernet0/5
   shutdown
  interface Ethernet0/6
   shutdown
  interface Ethernet0/7
   shutdown
  ftp mode passive
  clock timezone CST -6
  clock summer-time CDT recurring
  object network INTERNAL_LAN
   subnet 192.168.5.0 255.255.255.0
  object network PRIVATE_LAN_192
   subnet 192.168.15.0 255.255.255.224
   description PRIVATE_LAN_192
  access-list INSIDE_access_in extended permit ip any any
  access-list INSIDE_access_in extended deny ip any any
  access-list OUTSIDE_access_in extended permit ip any any
  access-list OUTSIDE_access_in extended deny ip any any
  pager lines 24
  logging enable
  mtu OUTSIDE 1500
  mtu INSIDE 1500
  ip verify reverse-path interface OUTSIDE
  ip verify reverse-path interface INSIDE
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  object network INTERNAL_LAN
   nat (INSIDE,OUTSIDE) dynamic interface
  object network PRIVATE_LAN_192
   nat (INSIDE,OUTSIDE) dynamic interface
  access-group OUTSIDE_access_in in interface OUTSIDE
  access-group INSIDE_access_in in interface INSIDE
  route INSIDE 192.168.15.0 255.255.255.224 192.168.5.2 1
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  dhcpd dns 8.8.8.8 75.75.76.76
  dhcpd address 192.168.5.10-192.168.5.100 INSIDE
  dhcpd enable INSIDE
  Router 881w show run:
  Current configuration : 4912 bytes
  version 12.4
  no ip source-route
  ip dhcp excluded-address 192.168.15.1 192.168.15.10
  ip dhcp pool PRIVATE_LAN
     network 192.168.15.0 255.255.255.224
  interface FastEthernet0
   switchport trunk allowed vlan 1,15,1002-1005
   switchport mode trunk
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
   ip address 192.168.5.2 255.255.255.0
   duplex auto
   speed auto
  interface wlan-ap0
   description Service module interface to manage the embedded AP
   no ip address
   arp timeout 0
  interface Wlan-GigabitEthernet0
   description Internal switch interface connecting to the embedded AP
  interface Vlan1
   no ip address
  interface Vlan15
   ip address 192.168.15.1 255.255.255.224
  no ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 FastEthernet4
  no ip http server
  ip http authentication local
  ip http secure-server

  The cable modem does not have any configuration. I cant add any to it. Its a cisco dpc3008. From vlan 10 i have no problem to get to the internet with the above  configuration. My problem is just vlan 15.

• HT4623 hy i need help i want to downgrade my iphone 4 from ios 6.0.1 to 5.1.1 how can i do because i dont like the ios 6.

  hy i need help i want to downgrade my iphone 4 from ios 6.0.1 to 5.1.1 how can i do because i dont like the ios 6. pls help thank

  There's no official way to do that. Downgrading was never supported since the first iPhone.

• Hi i need help please . when i want to buy app from store ask me the security question but i forgot the answer  so i need to the link to rest answer of security question

  hi
  i need help please . when i want to buy app from store ask me the security question
  but i forgot the answer
  so i need to the link to rest answer of security question

  The Best Alternatives for Security Questions and Rescue Mail
      a. Send Apple an email request at: Apple - Support - iTunes Store - Contact Us.
      b. Call Apple Support in your country: Customer Service: Contact Apple support.
      c. Rescue email address and how to reset Apple ID security questions.

• Unable to access/lan2lan ping from VPN Fortigate to Cisco ASA 5505

  Problem : Unable to access user A to user B
  User A --- router A (122, fortigate 80c) --- (Site to Site VPN between fortigate & cisco asa) --- router B (93, cisco Asa 5505{in front asa got cisco800[81] before to internet} )  --- User B
  After using wizard to configure the cisco ASA site to site VPN, the site-to-site tunnel is up.
  Ping is unsuccessful from user A to user B
  Ping is successful from user B to user A, data is accessable
  After done the packet tracer from user A to user B,
  Result :
  Flow-lookup
  Action : allow
  Info: Found no matching flow, creating a new flow
  Route-lookup
  Action : allow
  Info : 192.168.5.203 255.255.255.255 identity
  Access-list
  Action : drop
  Config Implicit Rule
  Result - The packet is dropped
  Input Interface : inside
  Output Interface : NP Identify Ifc
  Info: (acl-drop)flow is denied by configured rule
  Below is Cisco ASA 5505's show running-config
  ASA Version 8.2(1)
  hostname Asite
  domain-name ssms1.com
  enable password ZZZZ encrypted
  passwd WWWW encrypted
  names
  name 82 B-firewall description Singapore office firewall
  name 192.168.1.0 B-inside-subnet description Singapore office internal LAN IP
  name 192.168.200.0 A-inside-VLAN12 description A-inside-VLAN12 (fortinet)
  name 192.168.2.0 fw-inside-subnet description A office internal LAN IP
  name 122 A-forti
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.5.203 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 93 255.255.255.240
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/7
  ftp mode passive
  dns server-group DefaultDNS
  domain-name ssms1.com
  object-group network obj_any
  network-object 0.0.0.0 0.0.0.0
  access-list inside_nat0_outbound extended permit ip any 80 255.255.255.240
  access-list inside_nat0_outbound extended permit ip fw-inside-subnet 255.255.255.0 B-inside-subnet 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0 A-inside-VLAN12 255.255.255.0
  access-list outside_cryptomap extended permit ip fw-inside-subnet 255.255.255.0 B-inside-subnet 255.255.255.0
  access-list Outside_nat-inbound extended permit ip A-inside-VLAN12 255.255.255.0 192.168.5.0 255.255.255.0
  access-list Outside_nat-inbound extended permit ip host A-forti 192.168.5.0 255.255.255.0
  access-list outside_1_cryptomap extended permit ip 192.168.5.0 255.255.255.0 A-inside-VLAN12 255.255.255.0
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-631.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 101 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 101 0.0.0.0 0.0.0.0
  route outside 0.0.0.0 0.0.0.0 81 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http B-inside-subnet 255.255.255.0 inside
  http fw-inside-subnet 255.255.255.0 inside
  http 0.0.0.0 255.255.255.255 outside
  http 0.0.0.0 0.0.0.0 outside
  http 192.168.5.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map outside_map 1 match address outside_1_cryptomap
  crypto map outside_map 1 set pfs
  crypto map outside_map 1 set peer A-forti
  crypto map outside_map 1 set transform-set ESP-3DES-SHA
  crypto map outside_map 2 match address outside_cryptomap
  crypto map outside_map 2 set peer B-firewall
  crypto map outside_map 2 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 20
  authentication pre-share
  encryption aes-192
  hash md5
  group 2
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption aes-256
  hash md5
  group 2
  lifetime 86400
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 192.168.5.10-192.168.5.20 inside
  dhcpd dns 165 165 interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy DfltGrpPolicy attributes
  vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
  username admin password XXX encrypted privilege 15
  tunnel-group 122 type ipsec-l2l
  tunnel-group 122 ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  class-map outside-class
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
    message-length maximum client auto
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect icmp
  policy-map outside-policy
  description ok
  class outside-class
    inspect dns
    inspect esmtp
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect icmp
    inspect icmp error
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect sip
    inspect skinny
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect xdmcp
  service-policy global_policy global
  service-policy outside-policy interface outside
  prompt hostname context
  Cryptochecksum: XXX
  : end
  Kindly need your expertise&help to solve the problem

  any1 can help me ?

• Cisco ASA 5505 configuration

  Hi,
  I have configured cisco ASA 5505 but I can't get access to internet using my laptop connected to the ASA. I did not use the console but the graphical interface for the configuration. I changed the inside adress of the ASA and it is 192.168.2.1. From the inside I can't ping the material in outside and from outside I can't ping the laptop connected to the ASA.
  Here is my configuration:
  Result of the command: "show running-config"
  : Saved
  ASA Version 8.2(5)
  hostname xxxxxxxxxxxxxxxxx
  domain-name xxxxxxxxxxxxxxxxxxx
  enable password xxxxxxxxxxxxxx encrypted
  passwd xxxxxxxxxxxxxxxxxxxx encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.2.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 192.168.1.48 255.255.255.0
  ftp mode passive
  dns server-group DefaultDNS
  domain-name processia.com
  access-list outside_access_in extended permit ip any any
  access-list icmp_out_in extended permit icmp any any
  access-list inside_access_in extended permit ip any any
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  ipv6 access-list outside_access_ipv6_in permit ip any any
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group inside_access_in in interface inside
  access-group icmp_out_in in interface outside
  access-group outside_access_ipv6_in in interface outside
  route outside 0.0.0.0 0.0.0.0 192.168.1.48 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 192.168.2.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 192.168.2.2-192.168.2.129 inside
  dhcpd dns 80.10.246.2 80.10.246.129 interface inside
  dhcpd ping_timeout 5000 interface inside
  dhcpd domain xxxxxxxxxxxxxxxxx interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  policy-map global_policy
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:7e6f35db321b722ca60009b0c0dc706e
  : end
  Thank you for your help

  Hi Sylla,
  The static route you have configured for Internet access needs to be corrected:
  route outside 0.0.0.0 0.0.0.0 192.168.1.48 1
  The next hop address should be your ISP's gateway IP address and not the ASA's outside interface IP. Currently, both are configured for 192.168.1.48.
  -Mike