We had to set up a new Cisco ASA 5505 unit on a separate connection – mainly as a backup but also for testing purposes.
We set everything up correctly according to our notes for our primary ASA 5510 units (the interface and software for the 5505 are exactly the same as those for the 5510). But we could not connect to the internet through the ASA – firewall ACL rules were all OK and everything seemed fine, but logging showed it was dropping packets destined for outside the LAN.
It turned out that we had forgotten to set up what is probably the most important parameter on the Cisco ASA units – the static route to the next hop router, i.e. our ISP’s router!
If you use the ASDM initial configuration Wizard to set up the ASA, you don’t get this problem, as the next hop question is asked during this process.
To set the static route in ASDM go to:
Configuration -> Device Setup -> Routing -> Static Routes
Add a static route:
Where Gateway IP is the IP address of your ISP’s router.
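
Once the route is saved, it appears in the ASA running configuration as a `route <interface> 0.0.0.0 0.0.0.0 <gateway>` line. The script below is an added example, not part of the original post: it checks a saved running-config for a default route and confirms the gateway sits on the named interface's subnet. The sample configuration, its addresses (documentation ranges) and the function names are constructed for illustration, and it assumes statically addressed interfaces.

```python
import ipaddress
import re

# Constructed sample of an ASA running-config (addresses are documentation ranges).
SAMPLE_OK = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
"""
SAMPLE_MISSING = SAMPLE_OK.replace("route outside 0.0.0.0 0.0.0.0 203.0.113.1 1\n", "")
SAMPLE_WRONG_GW = SAMPLE_OK.replace("203.0.113.1 1", "203.0.113.9 1")

def interface_networks(config):
    """Map each nameif to the network configured on that interface."""
    nets, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = None  # new interface block: forget the previous nameif
        elif m := re.match(r"\s+nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s+ip address ([\d.]+) ([\d.]+)", line)) and name:
            nets[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return nets

def check_default_route(config):
    """Return a list of problems with the default route; empty means OK."""
    nets = interface_networks(config)
    routes = re.findall(r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    if not routes:
        return ["no default route: traffic for outside the LAN has no next hop"]
    problems = []
    for ifname, gw in routes:
        net = nets.get(ifname)
        if net is None:
            problems.append(f"route uses unknown interface {ifname}")
        elif ipaddress.ip_address(gw) not in net:
            problems.append(f"gateway {gw} is not on {ifname} network {net}")
    return problems
```
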