cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2861
Views
0
Helpful
7
Replies

Configuring ASA 5525

purpletech
Level 1
Level 1

I need to connect 3 Dell switches (Dell PowerConnect 5324, 5448 ) to a Cisco ASA 5525 Firewall.

The Switch IP addresses are 10.60.0.4/16, 172.16.1.4/24, 192.168.124.4/24.

May I know how to configure the ASA Firewall for connecting the switches. The Firewall is new , I need to configure the IP address for the firewall too. Should I configure the IP address for the Firewall on the Management interface

7 Replies 7

Julio Carvajal
VIP Alumni
VIP Alumni

Hello,

As I can see they will be on 3 different broadcast domains so you will need to configure 3 different interfaces on the ASA and then connect each of them to the proper switch.

Just to let you know if you use the managment interface to connect to one of them only managment purpose traffic will be allow to reach an interface, no other traffic ( traffic going to a different interface will not be allow)

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thank you for the infomation.  May I know how to configure on the ASA for creating 3 different broadcast domains

Hello,

Interface gigabitethernet 0/1

ip add 192.168.12.1 255.255.255.0

nameif inside

no shut

interface gigabitethernet 0/0

ip add 192.168.13.1 255.255.255.0

nameif DMZ

no shut

interface gigabitethernet 0/2

ip add 2.2.2.1 255.255.255.252

nameif outside

no shut

As you can see the three of them are on different interfaces, different subnets ( each interface its  on its own broadcast domain)

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thank you Julio.

So I will configure 3 interfaces with 3 different subnets for connecting the switches.

For the outside interface--- The Firewall is connected to a Router which is having the ip address as

ip add 2.2.2.1 255.255.255.252 and it is connected to the internet. What ip address can I assign for the Firewall for the outside interface. Can I assign any public ip add 2.2.2.3 255.255.255.224)

Hello,

You will need to assign an ip address available on the range that the ISP will provide you.

Regards,

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Currently The Router is connected to 3 switches

I need to configure and install an ASA 5525 inbetween the router and the Switches. I have attached the picture  (Is it possible to do the connection this way)

There are three networks (192.168.0.*, 176.16.1.*, 10.50.0.*) configured on the router(Router IP's are 192.168.0.1,172.16.1.1,10.60.0.1 ) and it is connected to 3 switches (IP addresses are 192.168.0.4,172.16.1.4,10.60.0.4)

Now I need to install a Cisco ASA 5525 Firewall between the Router and the Switches. May I know how to configure ASA for this.

(OR) Is there any other better way . Thank you for your help

Hi Bro

I presume, you've the Cisco Switch and Cisco Router working fine. All you need to do now, is to insert a Cisco Firewall. Yes, this can be done simply by placing the Cisco Firewall in transparent mode. Just assign the Firewall with a management IP with the similar network address as the Router and the Switch.

This case is similar to https://supportforums.cisco.com/message/3681007#3681007

P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam
Technical Specialist/Service Delivery Manager – Managed Service Department

Warm regards,
Ramraj Sivagnanam Sivajanam
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: