The "outside" vlan seems to be misconfigured, and I've tried so many permutations that I am sure I am overlooking something major and obvious. When I am able to ping 8.8.8.8 from the ASA, I'll be happy!
Basic Config
As others have mentioned, your configuration is "suboptimal"... the biggest problem you have is that you're not using DHCP on the outside Vlan interface... the biggest problem is that your default gw address is assigned to Vlan2... to recover, log in to the console and...
copy runn flash:foobar.cfg
config t
configure factory-default 10.1.10.100 255.255.255.0
While you're in config mode, use this configuration...
hostname DTS-ASA
password ChangeMeNow
enable password ChangeMeNow
!
interface Ethernet0/0
switchport access vlan 2
!
interface Vlan2
! I don't think you need this, since it's an SMC MAC addr
! However, this illustrates how you can manually change the mac
! on your outside Vlan, if Comcast is restricting you
! to one mac (and now refuses to change it)
! mac-address 78cd.8ed9.fb37
nameif outside
security-level 0
ip address 74.xx.xx.225 255.255.255.248
!
route outside 0.0.0.0 0.0.0.0 74.xx.xx.230
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
end
wr mem
Please change the password :-)... now you need fw rules, but that's a different issue
WAN Validation
Make sure you really do have the Comcast modem attached to Eth0/0... After you're up and running, you should be able to check the address you got from Comcast like this...
DTS-ASA# sh int vlan2
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
MAC address 0030.dead.beef, MTU 1500
IP address 74.xx.xx.225, subnet mask 255.255.255.248 <------------
Traffic Statistics for "outside":
108703406 packets input, 119199091796 bytes
69134254 packets output, 8083775282 bytes
1654709 packets dropped
1 minute input rate 2 pkts/sec, 280 bytes/sec
1 minute output rate 3 pkts/sec, 414 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 3 pkts/sec, 716 bytes/sec
5 minute output rate 4 pkts/sec, 520 bytes/sec
5 minute drop rate, 0 pkts/sec
DTS-ASA#
Then check your ping to Google's DNS...
DTS-ASA# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/18/20 ms
DTS-ASA#
If not, be sure you can ping your default-gw...
DTS-ASA# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 74.xx.xx.230 to network 0.0.0.0
C 74.xx.xx.230 255.255.255.248 is directly connected, outside
C 10.1.10.0 255.255.255.0 is directly connected, inside
d* 0.0.0.0 0.0.0.0 [1/0] via 74.xx.xx.230, outside <------
DTS-ASA#
DTS-ASA# ping 74.xx.xx.230
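The failure named in the answer above (the default gateway address assigned to the outside Vlan itself) can be caught offline before the config is pasted in. The following is an added example, not part of the original answer: the function names are hypothetical and the sample configs use constructed documentation addresses (203.0.113.0/24) in place of the masked ones on the page.

```python
import ipaddress

# Constructed sample configs; addresses are documentation-range placeholders.
BROKEN = """\
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.230 255.255.255.248
!
route outside 0.0.0.0 0.0.0.0 203.0.113.230
"""
FIXED = BROKEN.replace("ip address 203.0.113.230", "ip address 203.0.113.225")

def parse(config):
    """Return ({nameif: IPv4Interface}, [(nameif, destination, next_hop)])."""
    ifaces, routes, name = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok or tok[0] == "!":
            continue
        if tok[0] == "interface":
            name = None  # new interface block, nameif not seen yet
        elif tok[0] == "nameif" and len(tok) == 2:
            name = tok[1]
        elif tok[:2] == ["ip", "address"] and name and len(tok) >= 4:
            ifaces[name] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}")
        elif tok[0] == "route" and len(tok) >= 5:
            dest = f"{tok[2]} {tok[3]}"
            routes.append((tok[1], dest, ipaddress.ip_address(tok[4])))
    return ifaces, routes

def check_routes(config):
    """List problems with the next hop of each static route."""
    ifaces, routes = parse(config)
    problems = []
    for nameif, dest, hop in routes:
        iface = ifaces.get(nameif)
        if iface is None:
            problems.append(f"route {dest}: interface '{nameif}' has no address")
        elif hop == iface.ip:
            problems.append(f"route {dest}: next hop {hop} is the ASA's own {nameif} address")
        elif hop not in iface.network:
            problems.append(f"route {dest}: next hop {hop} is not in {iface.network}")
    return problems

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_routes(cfg) or "ok")
```

The parser assumes `nameif` appears before `ip address` inside each interface block, as it does in the configuration shown above.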
Best Answer
Unfortunately the ASA doesn't show a good explanation in the error message. It's required to create an RSA key on the ASA, either via console or command line in the ASDM, executing the command
crypto key generate rsa
in global configuration mode, for example with the highest possible modulus size. The default modulus would be 1024.
With the ASDM it can also be done in the configuration menu, device management, identity certificates, add, new:
Since the other requirements were already met, the connection should be successful.
Since I cannot add images to comments to the question above, here is a screenshot about mass bumping comment spam starting with one to this question and answer. That's a screenshot of moderator activity, no action by me.