Solved: help in configration - Page 2

CSCO11825412 · ‎04-12-2013

hi there

i have network 10.7.10.0/22 conected by mpls router and conected by cisco router adsl for internet

ip for mpls router 10.7.10.1/22

ip for adsl 10.7.10.2/22

i want to install and configure cisco asa 5510 new

i cannot access to thes routers so i cannot change ip inteface and my network subnet

when i try to configure e0/0 outside network with ip 10.7.10.3

and e0/1 inside 10.7.10.4 with same subnet refuse by cisco asa

so in this sierno how i can configure it

and i want two route one for mpls

one for internet

i want full configure to make it and make good secuirty for my network

king regards

Julio Carvajal · ‎04-12-2013

MPLS router------ASA------Cisco Router

All of this is on the same broadcast domain

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Julio Carvajal · ‎04-12-2013

Hello,

there is none, that is the purpose of this configuration,

the same ip will be used on both inside and outside,

read the documents I provide you for further explanation

regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

CSCO11825412 · ‎04-12-2013

to many thnaks sir

if i want puplish sharpoint i put nat on adsl router to lan host example

10.7.10.50

this for exchange server

how i can puplish it on asa in transparnt mode

Julio Carvajal · ‎04-12-2013

Hello,

You can do it on the ASA ( NAT on transparent mode is supported as long as you do not use the managment ip address , in this case is 10.7.10.4..

Example of nat

static ( inside,outside) 10.7.10.50 x.x.x.x ( here it goes the real ip address )

regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

CSCO11825412 · ‎04-12-2013

thanks sir for all answer

if nated was on ciso router adsl static nat 10.7.10.50 x.x.x.x real ip for exchange and conected on asa

i make double nat on asa

static ( inside,outside) 10.7.10.50 x.x.x.x ( here it goes the real ip address )

right ???

Julio Carvajal · ‎04-12-2013

Hello Mohamed,

If you are going to do the nat on the ADSL router which is fine, you do not need to do it on the asa,

You could use the ASA as the security filter and the router as the border device doing routing and NAT

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

CSCO11825412 · ‎04-13-2013

u mean if i make nat by real ip for exchange on adsl router

so router adsl-----E0/0------ asa------conected to -switch ---- mpls router conected to switch and lan coneted also in switch

asa will doesnot need to make double natting right

i just need to puplish it by access-list on asa to puplish it

Julio Carvajal · ‎04-13-2013

Hello

Exactly,

All you will do on the ASA is to allow and permit certain traffic, we will leave the NAT job to the outside router,

regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC