Testing Cisco ASA 5505 router at my house with Cisco tech support and they have a question
jlamborn2165
Newbie

This router is defective and I need to prove it to Cisco.  At the site where it was installed, It will open our intranet tunnels, but no outside internet is reachable through Internet Explorer, although you can ping the site in a dos window and get a response (google.com for example).  I have to go through the testing here with Cisco at my house and I have replicated the exact same conditions.  Their question, is the outside IP that the ASA was assigned by my Verizon router of 192.168.1.7 a good public IP that should be able to pass basic internet traffic?  I've even thrown it into the DMZ where my son's Xbox used to be, which should open it wide up to the outside and be able to receive traffic.  The fact that I can ping these sites means I have outside internet, the router just can't translate or pass it to the browser and that's where I believe it's defective.  I have several of these at other sites with various other providers and some of them also have the 192.168.x.x outside address and work just fine; it only means we can't directly get to it from the internet, so we go through our intranet for those, no big deal.  If anyone answers me back, I'm not a technical wizard, but I do understand the basics.  We run over a hundred of these ASA's on various service providers, static, dhcp, cable, fios, all kinds of combinations of outside addresses.  I'm not any type of programmer, a template is provided for us and we know how to use putty to console in and give them the commands to load a template, reset to factory, etc.  This one has never worked right out of the box.  Several other of my company's techs have taken it home and we've all had the same results, even my Cisco certified tech in one of my other offices took a crack at it and tried typing various commands and trying different programming options, basically what the Cisco tech went through yesterday with me.  He said I had to check with Verizon next to make sure it should work at my house before he goes any further with his testing.  So, there you go.  Can anyone answer his question for me and verify that it should work that outside address?

0 Likes
Re: Testing Cisco ASA 5505 router at my house with Cisco tech support and they have a question
Anti-Phish1
Master - Level 1

How is the ASA connected to the Actiontec?  Actiontec LAN to ASA LAN or Actiontec LAN to ASA WAN?

What is the inside subnet of the ASA?

If you're connected Actiontec LAN to ASA WAN, the inside subnet of the ASA, must NOT be 192.168.1.x.

0 Likes
Re: Testing Cisco ASA 5505 router at my house with Cisco tech support and they have a question
jlamborn2165
Newbie

My insite subnet of the ASA is 10.7.67.100 (it's own address, and it will dhcp 10.7.67.10 thru 30).  This is our common scheme; these ASA's are in Apartment Leasing offices, with each one on its own unique subnet.  The outside IP it's assigned varies widely, from the basic 192.168.x.x to statically assigned 50.84.217.70, etc and they all work flawlessly.  I had to change this one because right out of the box it's identical to my router at 192.168.1.1, so that's not my issue.  The Cisco tech just wanted me to verify that 192.168.1.7 can be a valid outside IP address, which I know full well it is, but he wanted me to verify it with Verizon.

0 Likes
Re: Testing Cisco ASA 5505 router at my house with Cisco tech support and they have a question
jlamborn2165
Newbie

And it's Actiontec LAN to ASA WAN (port 0), then I'm putting myself directly into the LAN of the ASA.

0 Likes
Re: Testing Cisco ASA 5505 router at my house with Cisco tech support and they have a question
Anti-Phish1
Master - Level 1

To be clear 192.168.1.7 is an inside address on the Actiontec.

My question is why aren't you connecting the ASA directly to the ONT and let the ASA obtain the WAN IP?