Add User Subnet to ASA

General config for adding a DHCP-enabled subnet to a Cisco ASA as a sub-interface. Note: The default firewall rule in this config blocks all traffic to RFC 1918 addresses. Warning: My regexes suck, so make sure you type in correct values for subnets, etc.

awfki
February 14, 2014

physical interface

vlan number

description

name of the interface

security level

subnet

subnet mask

NAT (the script defaults to the outside interface, so this is only used in the description)

conf t
interface Ethernet%{PHYSINT}%.%{VLAN}%
 description %{DESC}%
 vlan %{VLAN}%
 nameif %{NAMEIF}%
 security-level %{SECLVL}%
 ip address %{SUBNET}% %{MASK}%
 no shut
!
object network %{NAMEIF}%_net
 subnet %{SUBNET}% %{MASK}%
 description %{DESC}% / %{NAT}%
!
dhcprelay enable %{NAMEIF}%
!
nat (%{NAMEIF}%,outside) after-auto 2 source dynamic %{NAMEIF}%_net interface
!
access-list %{NAMEIF}%_in extended deny ip object %{NAMEIF}%_net object-group RFC_1918 
access-list %{NAMEIF}%_in extended permit ip object %{NAMEIF}%_net any 
!
access-group %{NAMEIF}%_in in interface %{NAMEIF}%
!
end
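
Because the description warns that the form's own input checks are weak, the following added example (not part of the original template or its site) validates the eight fields before substituting them into the `%{NAME}%` placeholders. The accepted patterns and the sample values are assumptions; SUBNET is checked only as a valid IPv4 address with a dotted netmask, since the template uses the same value for both the interface address and the network object.

```python
import ipaddress
import re

# Field names come from the template; the accepted patterns are assumptions.
PATTERNS = {
    "PHYSINT": r"[0-9]+/[0-9]+",               # slot/port after "Ethernet", e.g. 0/1
    "NAMEIF": r"[A-Za-z][A-Za-z0-9_-]{0,47}",  # reused in the object and ACL names
    "DESC": r"[^\r\n]{1,80}",                  # single line, so no extra commands
    "NAT": r"[^\r\n]{1,80}",
}
RANGES = {"VLAN": (1, 4094), "SECLVL": (0, 100)}


def validate(values):
    """Return a list of problems with the template inputs; empty means OK."""
    problems = []
    for field, pattern in PATTERNS.items():
        if not re.fullmatch(pattern, values.get(field, "")):
            problems.append(f"{field}: unexpected format")
    for field, (low, high) in RANGES.items():
        raw = values.get(field, "")
        if not (re.fullmatch(r"[0-9]{1,4}", raw) and low <= int(raw) <= high):
            problems.append(f"{field}: must be an integer {low}-{high}")
    subnet, mask = values.get("SUBNET", ""), values.get("MASK", "")
    try:
        iface = ipaddress.IPv4Interface(f"{subnet}/{mask}")
        # ipaddress also accepts wildcard masks and prefix lengths; the
        # template's commands take a dotted netmask.
        if str(iface.netmask) != mask:
            problems.append("MASK: use a dotted netmask such as 255.255.255.0")
    except ValueError:
        problems.append("SUBNET/MASK: not a valid IPv4 address and mask")
    return problems


def render(template, values):
    """Fill %{NAME}% placeholders, refusing input that fails validate()."""
    problems = validate(values)
    if problems:
        raise ValueError("; ".join(problems))
    return re.sub(r"%\{([A-Z]+)\}%", lambda m: values[m.group(1)], template)


# Constructed sample values, not taken from a real device.
SAMPLE = {"PHYSINT": "0/1", "VLAN": "30", "DESC": "User LAN", "NAMEIF": "users",
          "SECLVL": "50", "SUBNET": "10.30.0.0", "MASK": "255.255.255.0",
          "NAT": "PAT to outside"}

if __name__ == "__main__":
    print(render("interface Ethernet%{PHYSINT}%.%{VLAN}%\n nameif %{NAMEIF}%", SAMPLE))
```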
