I kind of hate you Cisco.
I have a firewall. It’s good practice to set that device to have a static IP. If you do this using the ASDM, systems behind the firewall will suddenly not be able to connect to the internet. At all. This is because you don’t have a route to the outside world. Follow the steps below to go from DHCP on your 5505 to a static IP.
- Open the ASDM and log into your device.
- Under Configuration, Interfaces, select the Outside interface and hit Edit
- In the ‘IP Address’ box, click the radio for ‘Use Static IP’
- Select an IP address, and use ‘255.255.255.0’ for the mask.
- Hit ok, then apply. Your boxes probably lose their connection right about now.
- Click ‘Routing’ on the left, Make sure ‘Static Routes’ is selected.
- This box is probably empty. Click ‘Add’.
- For the interface name, select ‘Outside’ (or whatever the outside interface is named)
- In the IP Address field, type: ‘0.0.0.0’
- In the Mask field, type: ‘0.0.0.0’
- In the Gateway IP field, type the gateway outside of your asa5505. Like, whatever it’s gateway is. If you have a box on the same subnet as the cisco box, do an ipconfig /all and use the gateway listed there.
- Metric should be ‘1’
- Hit ok, then apply. Now your boxes can get out from behind the firewall, but we need to give them DNS servers and such, if you are using DHCP to assign IP’s to boxes behind the firewall.
- Click ‘Properties’ on the left.
- Click ‘DHCP Services’
- Click ‘DHCP Server’
- Select interface inside, and hit edit. Enter your DNS Servers and WINS Server
- Hit OK, Apply
- Optional: If you know the host name and dns domain for this Cisco unit, you can set it. Click “Properties” on the left, then select “Device” under “Device Administration.” Enter the Host Name and Domain Name and hit apply.
- Now to save and reload the box, click ‘Tools/System reload’
- Select ‘Save the running configuration at time of reload’
- Click ‘Schedule Relod’
The Cisco asa5505 will take a couple minutes to reset, but when it comes up the device should have a static ip, and boxes behind the firewall will get IP’s from DHCP, and they should be able to get out from behind the firewall!