asa 5505 with two internal network

patlam · ‎01-21-2011

Could any expert here able to give me a hand ? I'm totally new on asa 5505, because of my previous one broken.

I would like to set this up with some static NAT rule located on 192.168.2.0 segment and two segment of internal network able to access Internet at the same time.

192.168.3.0 (workstations subnet)

Linksys WRT54G (router mode)

192.168.2.5

|

192.168.2.1 (servers subnet)

ASA 5505

113.28.102.68

|

113.28.102.70

gateway from ISP

Any help will be appreciated !

Thousand tks

handsy · ‎01-21-2011

access-list workstations permit ip any

access-list servers permit ip any

nat (inside_interface1) 1 access-list workstations

nat (inside_interface2) 2 access-list servers

global (internet_interface) 1 interface

global (internet_interface) 2 interface

Where inside_interface1 is the name of the interface your workstations are behind.

Where inside_interface2 is the name of the interface your servers are behind.

Where internet_interface is the name of the interface the internet is connected via.

This solution infact uses interface overloading, i.e. PAT, which I think would be a better option.

patlam · ‎01-21-2011

Dear handsy, thanks for your feedback.

Are they (both workstations and servers subnet) able to communication each other while they are on different interface (bi-directional internal traffic) ?

like workstations accessing server using UNC path, web access, icmp, etc....

and some network printers exist on the workstations subnet which servers wanna get connected

On the other hand, the WRT54G is a wireless one, should I disable from there and the ASA itself to provide the lease ?