07-09-2012 07:39 AM - edited 03-11-2019 04:28 PM
I need to install an ASA firewall between a Router and a switch. I have configured the IP address and domain name on the Firewall.
Should I configure anything on the Router or the switch?
07-09-2012 07:43 AM
There are 3 VLANs on the Router.
07-09-2012 08:16 AM
Here is the configuration on the Router. Currently there are 3 switches connected to the router having 3 different networks. There are no VLANs on the switch. I need to insert the Firewall between the Router and the 3 switches.
I need help with the configuration.
interface Loopback0
 ip address 10.17.*.* 255.255.255.0
!
interface GigabitEthernet0/0
 description Client LAN
 ip address 192.168.155.1 255.255.255.0
 ip access-group cnet-in in
 no ip redirects
 no ip proxy-arp
 ip accounting output-packets
 ip nat inside
 ip inspect SDM_LOW out
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
 no mop enabled
 service-policy output manage-gnet-bandwidth-out
!
interface GigabitEthernet0/1
 description DMZ LAN
 ip address 172.16.1.1 255.255.255.0
 ip access-group dmz61in in
 no ip redirects
 no ip proxy-arp
 ip accounting output-packets
 ip nat inside
 ip inspect SDM_LOW out
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
 no mop enabled
!
interface FastEthernet0/0/0
 description Internet
 switchport access vlan 10
 no ip address
!
interface FastEthernet0/0/1
 description MPLS
 switchport access vlan 20
 no ip address
!
interface FastEthernet0/0/2
 description IT LAN
 switchport access vlan 30
 no ip address
!
interface FastEthernet0/0/3
 no ip address
 shutdown
!
interface FastEthernet0/1/0
 no ip address
 shutdown
!
interface FastEthernet0/1/1
 no ip address
 shutdown
!
interface FastEthernet0/1/2
 description Delaware Network
 switchport access vlan 50
 no ip address
!
interface FastEthernet0/1/3
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
interface Vlan10
 description Internet
 ip address 205.*.*.*.* 255.255.255.252
 ip access-group Inet-In in
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly in
 load-interval 30
 no mop enabled
 crypto map SDM_CMAP_1
!
interface Vlan20
 description MPLS
 ip address 10.100.0.7 255.255.255.252
!
interface Vlan30
 description IT LAN
 ip address 10.60.0.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan50
 description Delaware Network
 ip address 172.16.2.1 255.255.255.0
 ip access-group Del-in in
 ip access-group Del-out out
 ip nat inside
 ip inspect SDM_LOW out
 ip virtual-reassembly in
!
!
07-11-2012 08:20 AM
I need to configure and install an ASA 5525. I have attached the picture.
There are three networks (192.168.0.*, 176.16.1.*, 10.50.0.*) configured on the router (Router IPs are 192.168.0.1, 172.16.1.1, 10.60.0.1) and it is connected to 3 switches (IP addresses are 192.168.0.4, 172.16.1.4, 10.60.0.4).
Now I need to install a Cisco ASA 5525 Firewall between the Router and the Switches. May I know how to configure the ASA for this?
07-23-2012 08:24 AM
Hi Purple,
Your scenario is like this:
      Rtr
       |
      ASA
     / | \
   S1  S2  S3
You can make your ASA the gateway instead of the router. This means all the .1 IPs are to be configured on the interfaces of the ASA.
interface GigabitEthernet0/1
 nameif inside1
 security-level 98
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif inside2
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet0/3
 nameif inside3
 security-level 99
 ip address 10.60.0.1 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address
!
If you assign public IPs between your router and the ASA, then a NAT policy needs to be applied. If you are doing the NAT on the router, then create the ACL rules for each inside LAN and route it with the default route on the ASA.
route 0.0.0.0 0.0.0.0
Please do rate if the given information helps.
By
Karthik
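A pre-cutover check for the gateway move described above, as an added example that is not part of the original posts: it compares the router's interface addressing with the proposed ASA interfaces so hosts keep the same gateway address and mask. The config excerpts are copied from this thread; the helper names are assumptions made for illustration.

```python
import ipaddress
import re

# Added example. Config excerpts copied from this thread; helper names are illustrative.
ROUTER_CFG = """
interface Loopback0
 ip address 10.17.*.* 255.255.255.0
interface GigabitEthernet0/0
 ip address 192.168.155.1 255.255.255.0
interface GigabitEthernet0/1
 ip address 172.16.1.1 255.255.255.0
interface Vlan30
 ip address 10.60.0.1 255.255.0.0
"""
ASA_CFG = """
interface GigabitEthernet0/1
 ip address 192.168.0.1 255.255.255.0
interface GigabitEthernet0/2
 ip address 172.16.1.1 255.255.255.0
interface GigabitEthernet0/3
 ip address 10.60.0.1 255.255.255.0
interface GigabitEthernet0/0
 ip address
"""
ADDR = re.compile(r"ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")

def l3_interfaces(config):
    """Return {interface name: IPv4Interface}; redacted or empty addresses are skipped."""
    found, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split()[1]
        elif current and (m := ADDR.match(line)):
            found[current] = ipaddress.IPv4Interface("/".join(m.groups()))
    return found

def migration_findings(router_cfg, asa_cfg):
    """Flag ASA gateways whose address or mask differs from what hosts use today."""
    by_ip = {i.ip: (name, i) for name, i in l3_interfaces(router_cfg).items()}
    findings = []
    for name, asa_if in l3_interfaces(asa_cfg).items():
        match = by_ip.get(asa_if.ip)
        if match is None:
            findings.append((name, "gateway-not-on-router", str(asa_if)))
        elif match[1].network != asa_if.network:
            findings.append((name, "mask-mismatch", f"{match[1].network} -> {asa_if.network}"))
    return findings

if __name__ == "__main__":
    print(migration_findings(ROUTER_CFG, ASA_CFG))
```

Each finding is a host-facing difference to resolve before the cutover, either by changing the ASA interface or by re-addressing the affected hosts.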
07-22-2012 09:12 PM
Hi Bro,
I presume you have the Cisco Switch and Cisco Router working fine. All you need to do now is to insert a Cisco Firewall. Yes, this can be done simply by placing the Cisco Firewall in transparent mode. Just assign the Firewall a management IP with a network address similar to that of the Router and the Switch.
This case is similar to https://supportforums.cisco.com/message/3682020#3682020
P/S: If you think this comment is useful, please do rate them nicely :-)