12-24-2011 03:19 AM - edited 03-11-2019 03:06 PM
Hi,
I want to configure multiple DHCP pools on an ASA, which I created like this:
int e0/2
no shut
interface Ethernet0/2.10
vlan 10
nameif inside10
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Ethernet0/2.20
vlan 20
nameif inside20
security-level 100
ip address 192.168.20.1 255.255.255.0
dhcpd address 192.168.10.10-192.168.10.254 inside10
dhcpd dns x.x.x.x y.y.y.y interface inside10
dhcpd enable inside10
dhcpd address 192.168.20.10-192.168.20.254 inside20
dhcpd dns h.h.h.h z.z.z.z interface inside20
dhcpd enable inside20
I have the following queries...
1. Does int e0/2 work as a trunk port?
Is any special configuration required other than dot1Q?
2. How can I configure the inside interface?
Is it like this:
access-group inside_access_in_1 in interface inside10
access-group inside_access_in_1 in interface inside10
3. How can I configure static NAT?
4. How can I configure an inside route?
5. How can I configure default NATing?
6. On which interface do I access the ASA? I am currently using the inside interface.
Thanks...
Dhaval Dikshit
12-24-2011 05:07 AM
1) For trunking, you have already assigned VLANs to subinterfaces; no extra config is required on the ASA.
2) This is the way an access-list is assigned to an interface. The same access-list inside_access_in_1 should exist on the ASA. This will let you control traffic from hosts that fall in inside10.
3) Depends upon the ASA version. For example: nat(inside10,outside) 2.x.x.x.x 192.168.10.1 netmask 255.255.255.255. For NAT you should configure one more interface, which will be the outside, say for internet. The host will get NATted to 2.x.x.x.
4) Let's say you have a router in the inside zone at 192.168.10.2, and subnet 10.x.x.x/24 behind that.
route inside 10.x.x.x 255.255.255.0 192.168.10.2
5) There is no term called default NAT; it should be static/dynamic/policy/PAT.
6) You can access any of the interfaces - ssh 0.0.0.0 0.0.0.0 inside/outside
Thanks
Ajay
12-25-2011 09:57 PM
Thanks Ajay,
Just want to be more specific,
5) Shall I put dynamic NAT on each inside subinterface?
Currently I'm using 192.168.5.0/24 as the inside subnet for both users and management.
Thanks once again...
Dhaval
12-25-2011 10:59 PM
No matter how many interfaces you have, if you just want to give them internet access, use PAT.
For example, nat (inside) 1 0.0.0.0 0.0.0.0 is for inside users; you can do the same for nat (dmz).
12-25-2011 11:49 PM
Hi Ajay,
Thanks a lot for your kind support.
Rgd..
Dhaval
12-25-2011 11:52 PM
Happy to help
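The PAT and management-access advice in this thread, applied to the two subinterfaces from the first post, as an added example that is not part of any poster's reply. It uses the pre-8.3 nat/global syntax shown in the replies; the outside interface on Ethernet0/0 and the choice of VLAN 10 as the administrators' subnet are assumptions.

```cisco
! Added example (not from the thread). Pre-8.3 syntax, as used in the replies.
! Assumption: Ethernet0/0 is the Internet-facing interface, named "outside".
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address dhcp setroute
!
! One nat statement per inside subinterface, all sharing NAT ID 1.
nat (inside10) 1 192.168.10.0 255.255.255.0
nat (inside20) 1 192.168.20.0 255.255.255.0
! Hosts matched by NAT ID 1 are translated to the outside interface address (PAT).
global (outside) 1 interface
!
! inside10 and inside20 both use security-level 100, so the ASA drops traffic
! between them unless "same-security-traffic permit inter-interface" is configured.
!
! Assumption: administrators sit in VLAN 10. SSH is accepted only from that
! subnet on inside10, instead of 0.0.0.0 0.0.0.0 on inside/outside.
ssh 192.168.10.0 255.255.255.0 inside10
ssh timeout 10
```

After hosts in both VLANs have generated traffic, show xlate lists the active translations.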