Configuring Cisco ASA 5500-series as network gateway and share internet access to users through local area network (LAN) with DHCP and DNS.

CIsco devices have three mode in command line interface:

• First mode after you connected to device is unprivileged mode. This mode allows only monitoring and you can't modify running configurations.
• Second mode - privileged, allows change device's running configurations. This mode activate after enable command in CLI and entering password (if configured).
• Third mode is Global Configuration mode. Here you may configure entire device's configurations and network interfaces, create and change users, passwords, etc...

Enter in configure terminal mode:

cisco> enable
cisco# configure terminal
cisco(config)#

Configure outside interface - GigabitEthernet 0/0. It must be connected to internet provider's side. Set IP address and network mask:

interface GigabitEthernet 0/0
    description "Outside interface to ISP router from internet provider"
    nameif outside
    security-level 0
    ip address X.X.X.X 255.255.255.252

You should receive IP address, gateway and subnet mask from your internet provider.

Second interface - inside - GigabitEthernet 0/1. This interface looks in your local area network (LAN):

interface GigabitEthernet 0/1
    description "Inside interface to LAN network"
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0

Here ip address instruction means - you should set gateway for subnet. Subnet may be 10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16. See reserved IP addresses for help.

Set DNS for your LAN clients. In this example I used Google's DNS servers. But you may use other public DNS nameservers:

dns domain-lookup outside
dns server-group DefaultDNS
    name-server 8.8.8.8
    name-server 8.8.4.4

This step require setup route from local area network in internet through provider's gateway. Set traffic route:

route outside 0.0.0.0 0.0.0.0 X.X.X.X

Try ping any source from your LAN network in inernet and see result:

ciscoasa(config)# ping google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.194.73.113, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/86/90 ms

Create new object for new subnet:

object network LAN_NETWORK
    subnet  192.168.1.0 255.255.255.0

Setup NAT:

nat (inside,outside) after-auto source dynamic any interface

Allow ping from local network to WAN:

policy-map global_policy
class inspection_default
inspect icmp

Setup DHCP:

dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd dns 8.8.8.8 8.8.4.4