Set a Static IP for your Cisco ASA5505 Firewall
April 18th, 2007 by Anthony Curreri
I kind of hate you Cisco.
I have a firewall. It’s good practice to set that device to have a static IP. If you do this using the ASDM, systems behind the firewall will suddenly not be able to connect to the internet. At all. This is because you don’t have a route to the outside world. Follow the steps below to go from DHCP on your 5505 to a static IP.
- Open the ASDM and log into your device.
- Under Configuration, Interfaces, select the Outside interface and hit Edit
- In the ‘IP Address’ box, click the radio for ‘Use Static IP’
- Select an IP address, and use ’255.255.255.0′ for the mask.
- Hit ok, then apply. Your boxes probably lose their connection right about now.
- Click ‘Routing’ on the left, Make sure ‘Static Routes’ is selected.
- This box is probably empty. Click ‘Add’.
- For the interface name, select ‘Outside’ (or whatever the outside interface is named)
- In the IP Address field, type: ’0.0.0.0′
- In the Mask field, type: ’0.0.0.0′
- In the Gateway IP field, type the gateway outside of your asa5505. Like, whatever it’s gateway is. If you have a box on the same subnet as the cisco box, do an ipconfig /all and use the gateway listed there.
- Metric should be ’1′
- Hit ok, then apply. Now your boxes can get out from behind the firewall, but we need to give them DNS servers and such, if you are using DHCP to assign IP’s to boxes behind the firewall.
- Click ‘Properties’ on the left.
- Click ‘DHCP Services’
- Click ‘DHCP Server’
- Select interface inside, and hit edit. Enter your DNS Servers and WINS Server
- Hit OK, Apply
- Optional: If you know the host name and dns domain for this Cisco unit, you can set it. Click “Properties” on the left, then select “Device” under “Device Administration.” Enter the Host Name and Domain Name and hit apply.
- Now to save and reload the box, click ‘Tools/System reload’
- Select ‘Save the running configuration at time of reload’
- Click ‘Schedule Relod’
The Cisco asa5505 will take a couple minutes to reset, but when it comes up the device should have a static ip, and boxes behind the firewall will get IP’s from DHCP, and they should be able to get out from behind the firewall!
If you found this helpful, help me by checking out the ads on the right. Thank you!
Link to this post! Copy and paste this code into your blog or website:
<a href="http://www.mailbeyond.com/set-a-static-ip-for-your-cisco-asa5505-firewall"> Set a Static IP for your Cisco ASA5505 Firewall </a>
6 Responses to “Set a Static IP for your Cisco ASA5505 Firewall”
Excellent post Anthony. The ASDM wizard doesn’t ask for the gateway when setting a Static IP, so i was lost…until i found your post. followed the directions and got my T1 up and running in 5 minutes! You’re the man. Thanks
ok his all makes since but massively confused the more i read and follow ASDM.
i had to use your guild to reset to factory.
still need to get outside connection working then let the server ( win 03smb) assign ips through the switch. internal connection (static IP from ISP) is made and holding fine. now its adding this ASA as my router for , a in and out on the server, also access from a AP.
setup >modem>asa5505> server >switch>
after that set up a second ASA5505 for a site to site vpn
great site and very helpful
Grande, mi mancavo quel maledetto ’Tools/System reload’, altro che nat su nat che proponevano su altri siti.
Ciao.
Grazieeeeeeeeeeeeeeee!!!!! per avermi risolto un problemone
You saved my life!
Thank you.
Thanks for this. It is exactly what I needed to finish configuring my 2 5505′s