I am just about to buy an ASA 5505. I need an outside interface with Public interface that can NAT to two internal (priv) networks.
Can I have two inside interfaces, like 192.168.1.0 and 10.2.0.0, that can talk to each other?
Can I do it without VLANs? The reason why: I would need to reconfigure my current switches.
On the Cisco website they are saying that:
"With the Base license, the third VLAN can only be configured to initiate traffic to one other VLAN" - but I need the two inside networks to be able to talk to each other.
Please help. TIA to all.
With the base license on the ASA 5505 you would have a restricted license on the box, which means you can only initiate traffic from Inside 1 to outside and from Inside 1 to Inside 2, but not vice versa. If you want complete inter-VLAN routing then you would need the Security Plus license for it. You can check your license by using the command:
This would tell you whether it is base or security plus.
Hope that helps.
Yes you can definitely do that, here's a license guide for ASA 5505:
Hope that helps,
On the ASA 5505, you definitely need to create VLANs instead of physical interfaces, since there is a switch module in the ASA 5505. Here is a sample config on how to configure it:
switchport access vlan 60
ip address 192.168.226.1 255.255.255.0
Yes you can definitely use the GUI for it, here's the guide:
and here's the download link:
Hope this helps,
That completely depends upon your topology and the configuration. If you have a trunk configured on the switch then the ASA interface would also be a trunk port and the configuration would be the same as the switch. The inter-VLAN routing can be done on the ASA itself with the help of NATs, ACLs and routes.
And please ignore the security-level, that's a mistake; Outside is indeed 0 by default.
The switch does not have any VLANs configured. The WatchGuard X1000 which I am replacing had 1 WAN and 2 LAN interfaces (192.168.x.x and 10.2.0.x). Basically the WatchGuard did all the routing, hence no VLANs needed.
So, having a switch without VLANs configured, what's the best ASA configuration so traffic goes both ways between both LANs?
If you are using only 3 interfaces on the ASA then you can just connect those 3 to the WatchGuard or the switch, whatever device you have upstream and downstream of the ASA. Just treat them as normal interfaces going into the other devices. It shouldn't be an issue.
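The setup discussed in this thread, as an added example that is not part of any of the original posts: one outside VLAN and two inside VLANs that can initiate traffic to each other, with the ASA 5505 switch ports left as untagged access ports so the downstream switches need no VLAN configuration. Assumptions: a Security Plus license, ASA 8.3 or later NAT syntax, /24 masks on both LANs, the port-to-VLAN assignment, the interface and object names, and constructed addresses (203.0.113.x stands in for the public range).

```cisco
! Added example, constructed values. Assumes Security Plus license and ASA 8.3+.
! Physical ports are plain access ports: frames leave untagged, so the
! attached switches do not need any VLAN configuration.
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
 switchport access vlan 1
interface Ethernet0/2
 switchport access vlan 3
!
! Outside: security-level 0 (the default for an interface named "outside").
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
! First inside LAN (192.168.1.0, gateway address is an assumption).
interface Vlan1
 nameif inside1
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Second inside LAN (10.2.0.0, gateway address is an assumption).
interface Vlan3
 nameif inside2
 security-level 100
 ip address 10.2.0.1 255.255.255.0
!
! Both inside interfaces share security-level 100. Without this command the
! ASA drops traffic between interfaces of equal security level.
! With it, all traffic between the two LANs is allowed unless an interface
! ACL is applied to narrow it.
same-security-traffic permit inter-interface
!
! PAT each LAN to the outside interface address. Object NAT is scoped to the
! (source,destination) interface pair, so inside1 <-> inside2 traffic is
! routed untranslated.
object network INSIDE1-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside1,outside) dynamic interface
object network INSIDE2-NET
 subnet 10.2.0.0 255.255.255.0
 nat (inside2,outside) dynamic interface
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1
```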