Hey all,
I'm trying to simulate my lab environment in Packet Tracer but having trouble addressing my ASA interfaces, namely because I have to use VLANs. Here's my project so far.
My addressing table:

and my topology,

On Corp ASA I did the commands:
Int vlan 2
nameif outside
ip add 198.77.121.2 255.255.255.240
no shut
security-level 0
(this connects to ISP1's g0/0)
and,
Int vlan 1
nameif inside
ip add 192.168.1.1 255.255.255.0
no shut
security-level 100
(connects to switch 1)
and,
int vlan 3
ip add 172.16.1.1 255.255.255.0
no forward interface vlan 1
nameif dmz
security-level 50
int e0/2
switchport access vlan 3
For Branch, I have
Int vlan 2
nameif outside
ip add 198.77.122.2 255.255.255.248
security-level 0
no shut
Tried to do
int vlan 1
nameif inside
ip add 192.168.2.1 255.255.255.0
no shut
security-level 100
But got an error: interface address is not on same subnet as DHCP pool.
Corp LAN and DMZ are supposed to be on separate private networks, as is the Branch LAN.
I'm admittedly new to addressing/understanding subnetting. Does everything look right here? If not, what alternatives can I use for each VLAN, and how can I bypass that error I got on Branch's LAN?
The requirements in total are as follows:

Routing Specs
Static routing should be used throughout the various networks. Quad zero route from Corporate ASA to ISP 1 is fine. Quad zero route from Branch ASA to ISP 2 is fine. You will need to set up routing between ISP1 and ISP 2 routers.

ASA Corporate Configuration
You need to set up the following items on this ASA.
- Proper addressing
  - You will need 3 VLANs: outside, inside and dmz.
- Routing
- Host name
- Domain name
- Dynamic PAT
  - Hosts on inside LAN of corporate should get outside address of Corp. ASA
- Static NAT
  - Set up static NAT translations for the Server within DMZ. Use address from the 198.77.121.0/28 address space
- Configure DHCP on ASA for inside LAN. PC and Server on inside LAN should be able to get IPv4 address with proper subnet mask and gateway via DHCP.
- Configure AAA user authentication for SSH access on ASA.
- Configure SSH Access to Corporate ASA from inside network.
- Configure ACL to allow access to DMZ server for anyone on outside. You should allow HTTP, HTTPS, and FTP.

Branch Office ASA Configuration
You need to set up the following items on this ASA:
- Proper addressing
  - You will need 2 VLANs: outside and inside.
- Routing
- Host name
- Domain name
- Dynamic PAT
  - Hosts on inside LAN of corporate should get outside address of Branch office ASA
- Configure DHCP on Branch ASA for inside LAN. PCs and Server on inside LAN should be able to get IPv4 address with proper subnet mask and gateway via DHCP.
- Configure AAA user authentication for SSH access on ASA.
- Configure SSH Access to Branch ASA from inside network.
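
The subnet check behind the DHCP error quoted above, as an added example that is not part of the original post: it parses the interface addresses and masks from the commands shown and tests a DHCP pool against each inside interface. The pool range `ASSUMED_POOL` is a constructed assumption, since the post does not show any dhcpd configuration; the function and variable names are likewise made up for this example.

```python
import ipaddress
from itertools import combinations

# Interface addresses and masks exactly as typed in the post.
INTERFACES = {
    ("Corp", "outside"): "198.77.121.2/255.255.255.240",
    ("Corp", "inside"): "192.168.1.1/255.255.255.0",
    ("Corp", "dmz"): "172.16.1.1/255.255.255.0",
    ("Branch", "outside"): "198.77.122.2/255.255.255.248",
    ("Branch", "inside"): "192.168.2.1/255.255.255.0",
}
# ASSUMPTION (constructed): both ASAs hold a pool in 192.168.1.0/24;
# the post does not show any dhcpd configuration.
ASSUMED_POOL = ("192.168.1.5", "192.168.1.36")


def parse(interfaces):
    """Turn 'address/mask' strings into IPv4Interface objects."""
    return {key: ipaddress.ip_interface(val) for key, val in interfaces.items()}


def pool_problems(iface, pool):
    """List the reasons a DHCP pool cannot be served from this interface."""
    start, end = (ipaddress.ip_address(a) for a in pool)
    problems = []
    if start > end:
        problems.append("pool start is above pool end")
    for addr in (start, end):
        if addr not in iface.network:
            problems.append(f"{addr} is not in {iface.network}")
    if start <= iface.ip <= end:
        problems.append(f"pool includes the interface address {iface.ip}")
    return problems


def same_device_overlaps(ifaces):
    """Return pairs of interface names on one device whose subnets overlap."""
    return [
        (a, b)
        for (a, net_a), (b, net_b) in combinations(ifaces.items(), 2)
        if a[0] == b[0] and net_a.network.overlaps(net_b.network)
    ]


if __name__ == "__main__":
    ifaces = parse(INTERFACES)
    print("overlaps:", same_device_overlaps(ifaces))
    for site in ("Corp", "Branch"):
        key = (site, "inside")
        print(key, ifaces[key], pool_problems(ifaces[key], ASSUMED_POOL) or "ok")
```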