Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
434
Views
0
Helpful
4
Replies

asa 5520 question on configuration

mjsully
Level 1
Level 1

‎05-15-2013 04:39 PM - edited ‎03-11-2019 06:44 PM

If I configure an ASA, let's say the g0/1 port with a static ip address of 192.168.1.1 and assign it to the inside network, make g0/0 my outside connection, my question is if I have 2 workstations which will have a static ip address on the 192.168.1.x subnet, can I plug those workstations directly into the remaining ports (go/2 and g0/3) of the ASA and have it work correctly, or do I need to do some type of configuration or vlans to allow this behavior? Basically I have a need to make it act like a PIX 501 where all the ports except e0 were all bridged together and devices could plug directly into the firewall. Yes, I know the 5520 is overkill for this functionality, but I'm just looking to see what, if anything, I need to do on the ASA to exhibit this same behavior. Code is 8.2. Thank you                  

Labels:
0 Helpful
4 Replies 4

Yong Peng
Level 1
Level 1

‎05-15-2013 09:32 PM

you need to configure the ASA in transparent mode.

transparent mode can meet your requirement.

0 Helpful

mjsully
Level 1
Level 1
In response to Yong Peng

‎05-16-2013 05:04 AM

transparent mode will not do what I need. I still need the outside interface g0/0 to be on it's own separate network space. This firewall will be the default gateway for getting in and out of the 192.168.1.x subnet. I simply need to know if by default I can plug devices with static ip's on the 192.168.1.x subnet into ports g0/1-g0/3, give one of the ports an ip address of 192.168.1.1 so it can act as the gateway.

0 Helpful

graeme2010
Level 1
Level 1

‎05-16-2013 08:58 AM

You would have to attach a switch to gi0/1 and then plug in your PCs to the switch.  The 5520 does not have switch ports like a typical soho router would, so each physical interface would require its own IP network and security zone.

The PIX 501 was replaced with the ASA 5505 which has 8 switch interfaces and would support what you are looking to do.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎05-16-2013 09:36 AM

This will only be possible with an ASA 5505 which has a built-in switch.

With any other box, each interface must belong to a dedicated broadcast domain so you must use a switch.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card