Yep. I am going to change the

vesiclife1 · ‎11-07-2016

I am trying to protect an internal network from another internal network on the same subnet with a cisco 5505 firewall. I don't know if it is possible with the conifguration my boss would like to implement but I have attached a jpeg photo of the layout.

vesiclife1 · ‎11-07-2016

Do I need a router to get traffic on the same subnet to anoter network on the same subnet through the firewall?

Pablo · ‎11-07-2016

Hi,

Yeah you need another device in between, it's not possible to configure 2 firewall interfaces on the same subnet unless you have multi-context mode which is not supported on the 5505.

Even if you get that router in between, you'll have to do full network source address translation on the ASA and the router in order to protect the overlapping network.

I know you mentioned the addressing can't be changed but it seems the best route you can take is to break that class C subnet into two /25 nets.

HTH

Pablo

vesiclife1 · ‎11-08-2016

Yep. I am going to change the subnet on one network and assign others to the servers.

Cisco Firewall Overlapping Internal Network Issue

Hi,

Yeah you need another device in between, it's not possible to configure 2 firewall interfaces on the same subnet unless you have multi-context mode which is not supported on the 5505.

Even if you get that router in between, you'll have to do full network source address translation on the ASA and the router in order to protect the overlapping network.

I know you mentioned the addressing can't be changed but it seems the best route you can take is to break that class C subnet into two /25 nets.

HTH

Pablo

Cisco Secure Firewall (FTD) - How To

Network Security Expert Insights Series: Cisco Secure Firewall

Expert Insights: Cisco Secure Firewall Network Security

Secure Access: Network Tunnel Groupの接続におけるFTDのECMP設定例

FMC: Cisco Success Network への接続方法 [Secure Firewall]