https://community.cisco.com/t5/network-security/asa-5505-with-two-internal-network/m-p/1599864#M593657 <HTML><HEAD></HEAD><BODY><P><EM>access-list workstations permit ip <WORKSTATION ip="" range=""> any </WORKSTATION></EM></P><P><EM>access-list servers permit ip <SERVER ip="" range=""> any</SERVER></EM></P><P><EM><BR /></EM></P><P><EM>nat (inside_interface1) 1 access-list workstations</EM></P><P><EM>nat (inside_interface2) 2 access-list servers</EM></P><P><EM>global (internet_interface) 1 interface</EM></P><P><EM>global (internet_interface) 2 interface</EM></P><P></P><P>Where inside_interface1 is the name of the interface your workstations are behind.</P><P>Where inside_interface2 is the name of the interface your servers are behind.</P><P>Where internet_interface is the name of the interface the internet is connected via.</P><P></P><P>This solution infact uses interface overloading, i.e. PAT, which I think would be a better option.</P></BODY></HTML> Fri, 21 Jan 2011 10:52:37 GMT handsy 2011-01-21T10:52:37Z https://community.cisco.com/t5/network-security/asa-5505-with-two-internal-network/m-p/1599863#M593652 <P>Could any expert here able to give me a hand ? I'm totally new on asa 5505, because of my previous one broken.</P><P>I would like to set this up with some static NAT rule located on 192.168.2.0 segment and two segment of internal network able to access Internet at the same time.</P><P></P><P>192.168.3.0 (workstations subnet)</P><P>Linksys WRT54G (router mode)</P><P>192.168.2.5</P><P>|</P><P>192.168.2.1 (servers subnet)</P><P>ASA 5505</P><P>113.28.102.68</P><P>|</P><P>113.28.102.70</P><P>gateway from ISP</P><P></P><P>Any help will be appreciated !</P><P>Thousand tks</P> Mon, 11 Mar 2019 19:38:11 GMT https://community.cisco.com/t5/network-security/asa-5505-with-two-internal-network/m-p/1599863#M593652 patlam 2019-03-11T19:38:11Z https://community.cisco.com/t5/network-security/asa-5505-with-two-internal-network/m-p/1599864#M593657 <HTML><HEAD></HEAD><BODY><P><EM>access-list workstations permit ip <WORKSTATION ip="" range=""> any </WORKSTATION></EM></P><P><EM>access-list servers permit ip <SERVER ip="" range=""> any</SERVER></EM></P><P><EM><BR /></EM></P><P><EM>nat (inside_interface1) 1 access-list workstations</EM></P><P><EM>nat (inside_interface2) 2 access-list servers</EM></P><P><EM>global (internet_interface) 1 interface</EM></P><P><EM>global (internet_interface) 2 interface</EM></P><P></P><P>Where inside_interface1 is the name of the interface your workstations are behind.</P><P>Where inside_interface2 is the name of the interface your servers are behind.</P><P>Where internet_interface is the name of the interface the internet is connected via.</P><P></P><P>This solution infact uses interface overloading, i.e. PAT, which I think would be a better option.</P></BODY></HTML> Fri, 21 Jan 2011 10:52:37 GMT https://community.cisco.com/t5/network-security/asa-5505-with-two-internal-network/m-p/1599864#M593657 handsy 2011-01-21T10:52:37Z https://community.cisco.com/t5/network-security/asa-5505-with-two-internal-network/m-p/1599865#M593664 <HTML><HEAD></HEAD><BODY><P>Dear handsy, thanks for your feedback.</P><P></P><P>Are they (both workstations and servers subnet) able to communication each other while they are on different interface (bi-directional internal traffic) ?</P><P>like workstations accessing server using UNC path, web access, icmp, etc....</P><P>and some network printers exist on the workstations subnet which servers wanna get connected</P><P></P><P>On the other hand, the WRT54G is a wireless one, should I disable from there and the ASA itself to provide the lease ?</P></BODY></HTML> Fri, 21 Jan 2011 15:23:02 GMT https://community.cisco.com/t5/network-security/asa-5505-with-two-internal-network/m-p/1599865#M593664 patlam 2011-01-21T15:23:02Z