ASA 5505 adding subnets

ken.hoover1
Level 1

I am about to add 10 subnets and 6 virtual servers to my domain. I have an ASA 5505 firewall version 7.2 with a basic license. Do I need to add the VLANs to the firewall or add them in interfaces? I am new to the whole firewall rules thing and would appreciate any help I can get.

Thanks

6 Replies

ASA 5505 with the Base license only supports two full-featured VLANs. With that you can't configure these new subnets as firewall interfaces and do filtering between these VLANs.

You still can configure these subnets on a layer-3 switch that gets connected to the ASA. But still no firewalling between these subnets.

If you really want to separate these networks, then you need a bigger firewall. For the ASA, that starts with the 5506-X with the Security Plus license.

These subnets are configured on the HP 2920 switches, so will they be firewalled? Also, would the subnets still be able to access the Internet for updates?

These subnets can communicate with the Internet, and this traffic can be firewalled. But all traffic between the subnets on the switch stays local to the switch without going through the ASA.

Just so I know I understand correctly, if the switch is plugged into the network, are these subnets firewalled the same as the network? Or do I need to add rules to protect them as well?

All networks "live" on the inside interface of your ASA. If you want to control how they are allowed to connect to the internet, you need to configure that on the inside ACL and make sure that these networks are also address-translated.

If these networks should be reached from the internet, you need to allow this on the outside ACL and also configure static translation for them.

And you need to add static routes to your ASA for these networks pointing to the L3 switch.
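The four steps in the reply above (static route, outbound NAT, inside ACL, static translation plus outside ACL), as an added example that is not from the thread or its participants, written in the pre-8.3 ASA CLI syntax that version 7.2 uses. All addresses, the next-hop, and the ACL names are constructed values, not the poster's network.

```text
! Constructed values: inside interface 192.168.1.1/24, L3 switch at 192.168.1.2,
! new subnet 10.1.10.0/24 behind the switch, virtual server 10.1.10.10 published
! on public address 203.0.113.10 (documentation range, stands in for a real IP).

! 1. Static route: the ASA must know the new subnet sits behind the L3 switch,
!    otherwise return traffic is sent out the default route and dropped.
route inside 10.1.10.0 255.255.255.0 192.168.1.2

! 2. Outbound translation: hide the new subnet behind the outside interface address.
nat (inside) 1 10.1.10.0 255.255.255.0
global (outside) 1 interface

! 3. Inside ACL: permit only what the hosts need outbound (DNS and HTTP/S for updates).
!    Applying an ACL to "inside" replaces the implicit permit-all, so rules for the
!    existing LAN must be in this list too. The logged deny gives visibility into
!    anything else the hosts try to reach.
access-list inside_access_in extended permit udp 10.1.10.0 255.255.255.0 any eq domain
access-list inside_access_in extended permit tcp 10.1.10.0 255.255.255.0 any eq http
access-list inside_access_in extended permit tcp 10.1.10.0 255.255.255.0 any eq https
access-list inside_access_in extended deny ip any any log
access-group inside_access_in in interface inside

! 4. Publishing one virtual server: one-to-one static translation plus an outside ACL
!    entry. On pre-8.3 software the outside ACL matches the translated (public)
!    address, not the real inside address, and allows only the published port.
static (inside,outside) 203.0.113.10 10.1.10.10 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq https
access-group outside_access_in in interface outside
```

Traffic between 10.1.10.0/24 and the other switch-side subnets never crosses the ASA, so none of these rules apply to it; that isolation has to come from the switch, as the earlier reply notes.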

I looked at the switch setup and I do not see where to configure that on the inside ACL. Also, can this be done through the ASDM or do I need to use the CLI?
