[size=-0]Summary[/size] The Church-Managed Firewall (ASA) was sent out without ample instructions to set up a static or PPPoE internet connection. This article explains how to set up the ASA with all of the correct information.
[size=-0]Symptoms[/size] After entering static or PPPoE information, the STS does not see a green VPN tunnel light although he or she set up the ASA correctly (according to the instructions).
[size=-0]Fix[/size] This KB article assumes that the ASA has not been activated, and is on the base configuration
Open ASDM
1) Open the ASDM (refer to page 7 of the installation guide) Online Installation Guide -- PDF
2) The ASDM program should be named Cisco ASDM 5.2 or 6.0 -- Follow the correct intructions for that version
NOTE: If prompted during the configuration process, select "Apply Changes"
ASDM v6.0 (scroll down for v5.2)
Configuring the ASA Outside IP and Subnet Mask
1) Near the top of the program, click on Configuration ("Device Setup" should be the tab that comes up by default)
2) Click on Interfaces (located in Device Setup)
3) Select the outside interface
4) On the right side of the program, click the Edit button
5) Make sure that Ethernet 0/0 is the only item under Selected Switch Ports
6) Select the Use Static IP or Use PPPoE radio button (depending on the connection type)
7) Fill in the correct information (this should be provided by the ISP)
8) Click OK
9) Click Save
Configuring the Default Gateway
1) Click on Routing (located in Device Setup)
2) Select Static Routes
3) On the left side of the program, click the Add button
4) For Interface Name select outside
5) For IP Address input 0
6) For Mask input 0
7) For Gateway IP input the default gateway (provided by the ISP)
8) Make sure that Metric is set to 1
9) Click OK
10) Click Save
Configuring the DNS Servers
NOTE: Setting the DNS servers can also be done by OTSS after the VPN light turns green
1) On the left side, Select Device Management
2) Expand DHCP
3) Select DHCP Server
4) Click on the inside interface
5) On the right side, click Edit
6) Input the DNS Servers 1 and 2 (provided by the ISP)
7) Uncheck "Enable auto-configuration on interface: outside"
8) Click OK
9) Click Save
ASDM v5.2(2)
Configuring the ASA Outside IP and Subnet Mask
1) Click the Configuration tab (near the top)
2) Select the outside interface
3) On the right side, click the Edit button
4) Make sure that Ethernet 0/0 is the only item under Selected Switch Ports
5) Select the Use Static IP or Use PPPoE radio button (depending on the connection type, will usually be static)
6) Fill in the correct information (this should be provided by the ISP)
7) Press OK
8) Click Save
!!THE MANUAL IS MISSING THE FOLLOWING INFORMATION!!
Configuring the Default Gateway
1) On the left side of the program, click on Routing
2) Select Static Routes
3) On the left side of the program, click the Add button
4) For Interface Name select outside
5) For IP Address input 0
6) For Mask input 0
7) For Gateway IP input the default gateway (provided by the ISP)
8) Make sure that Metric is set to 1
9) Click OK
10) Click Save
Configuring the DNS Servers
NOTE: Setting the DNS servers can also be done by OTSS after the VPN light turns green
1) Click on Properties (left side of the program)
2) Expand DHCP
3) Select DHCP Server
4) Click on the inside interface
5) On the right side, click Edit
6) Input the DNS Servers 1 and 2 (provided by the ISP)
7) Uncheck "Enable auto-configuration on interface: outside"
8) Click OK
9) Click Save
Please send me feedback to improve this article at russellja at ldschurch dot org
Joe Russell
OTSS