topic Re: ASA installation in Network Security

ASA installation

purpletech — Mon, 11 Mar 2019 23:28:17 GMT

I need to install a ASA firewall between a Router and a switch. I have configured the IP address and domain name on the Firewall.

Should I configure anthing on the Router or the switch

ASA installation

purpletech — Mon, 09 Jul 2012 14:43:13 GMT

There are 3 vlans on the Router

ASA installation

purpletech — Mon, 09 Jul 2012 15:16:13 GMT

Here is the configuration on the Router. Curently there are 3 switches connected to the router having 3 different networks. There are no Vlans on the switch. I need to insert the Firewall between the Router and the 3 switches.

I need help with the configuration

interface Loopback0

ip address 10.17.*.* 255.255.255.0

interface GigabitEthernet0/0

description Client LAN

ip address 192.168.155.1 255.255.255.0

ip access-group cnet-in in

no ip redirects

no ip proxy-arp

ip accounting output-packets

ip nat inside

ip inspect SDM_LOW out

ip virtual-reassembly in

duplex auto

speed auto

media-type rj45

no mop enabled

service-policy output manage-gnet-bandwidth-out

interface GigabitEthernet0/1

description DMZ LAN

ip address 172.16.1.1 255.255.255.0

ip access-group dmz61in in

no ip redirects

no ip proxy-arp

ip accounting output-packets

ip nat inside

ip inspect SDM_LOW out

ip virtual-reassembly in

duplex auto

speed auto

media-type rj45

no mop enabled

interface FastEthernet0/0/0

description Internet

switchport access vlan 10

no ip address

interface FastEthernet0/0/1

description MPLS

switchport access vlan 20

no ip address

interface FastEthernet0/0/2

description IT LAN

switchport access vlan 30

no ip address

interface FastEthernet0/0/3

no ip address

shutdown

interface FastEthernet0/1/0

no ip address

shutdown

interface FastEthernet0/1/1

no ip address

shutdown

interface FastEthernet0/1/2

description Delaware Network

switchport access vlan 50

no ip address

interface FastEthernet0/1/3

no ip address

shutdown

interface Vlan1

no ip address

interface Vlan10

description Internet

ip address 205.*.*.*.* 255.255.255.252

ip access-group Inet-In in

no ip redirects

no ip proxy-arp

ip nat outside

ip inspect SDM_LOW out

ip virtual-reassembly in

load-interval 30

no mop enabled

crypto map SDM_CMAP_1

interface Vlan20

description MPLS

ip address 10.100.0.7 255.255.255.252

interface Vlan30

description IT LAN

ip address 10.60.0.1 255.255.0.0

ip nat inside

ip virtual-reassembly in

interface Vlan50

description Delaware Network

ip address 172.16.2.1 255.255.255.0

ip access-group Del-in in

ip access-group Del-out out

ip nat inside

ip inspect SDM_LOW out

ip virtual-reassembly in

Re: ASA installation

purpletech — Wed, 11 Jul 2012 15:20:04 GMT

I need to configure and install an ASA 5525. I have attached the picture

There are three networks (192.168.0.*, 176.16.1.*, 10.50.0.*) configured on the router(Router IP's are 192.168.0.1,172.16.1.1,10.60.0.1 ) and it is connected to 3 switches (IP addresses are 192.168.0.4,172.16.1.4,10.60.0.4)

Now I need to install a Cisco ASA 5525 Firewall between the Router and the Switches. May I know how to configure ASA for this

Re: ASA installation

Ramraj Sivagnanam Sivajanam — Mon, 23 Jul 2012 04:12:47 GMT

Hi Bro

I presume, you've the Cisco Switch and Cisco Router working fine. All you need to do now, is to insert a Cisco Firewall. Yes, this can be done simply by placing the Cisco Firewall in transparent mode. Just assign the Firewall with a management IP with the similar network address as the Router and the Switch.

This case is similar to https://supportforums.cisco.com/message/3682020#3682020

P/S: If you think this comment is useful, please do rate them nicely 🙂

Re: ASA installation

nkarthikeyan — Mon, 23 Jul 2012 15:24:56 GMT

Hi Purple,

You scenario is like this

Rtr

ASA

/ | \

S1 S2 S3

You can make your ASA as the gateway instead of router. Means all .1 ip's to be configured on the interfaces of the ASA.

interface GigabitEthernet0/1

nameif inside 1

security-level 98

ip address 192.168.0.1 255.255.255.0

interface GigabitEthernet0/2

nameif inside2

security-level 100

ip address 172.16.1.1 255.255.255.0

interface GigabitEthernet0/3

nameif inside3

security-level 99

ip address 10.60.0.1 255.255.255.0

interface GigabitEthernet0/3

nameif inside3

security-level 99

ip address 10.60.0.1 255.255.255.0

interface GigabitEthernet0/0

nameif outside

security-level 0

ip address SNM

If you assign public ip's between your router and asa do NAT policy applied. If you are doing the NAT in router then create the ACL rules for each inside LAN and route it with the default route in asa.

route 0.0.0.0 0.0.0.0

Please do rate if the given information helps.

Karthik