09-05-2013 04:47 AM - edited 03-11-2019 07:34 PM
Hi, I'm new to the world of ASA and I hope that someone can guide me in the right direction.
We have a 5510 (7.1) with 4 active interfaces and one WAN.
Our ISP has given us a public IP range. We have set up a default route and we have a connection to the internet.
Now we want to ensure that each interface is browsing with separate public IPs and there is no access between the interfaces.
How do we do that?
Hope that some of you gurus can help me along :-)
Best
Jns
09-05-2013 05:22 AM
Hi,
Now we want to ensure that each interface is browsing with separate public IPs and there is no access between the interfaces.
For the second part, just configure the 4 internal interfaces with the same security level and they won't be able to communicate by default.
For the first part, just use dynamic PAT:
For example, you've got 2 internal interfaces named INT1 (192.168.1.0/24) and INT2 (192.168.2.0/24) and you've got the WAN named OUT.
nat (INT1) 1 192.168.1.0 255.255.255.0
nat (INT2) 1 192.168.2.0 255.255.255.0
global (OUT) 1 interface
Also enable icmp inspection if you want to ping the outside world from your internal interfaces: fixup protocol icmp
Regards
Alain
Don't forget to rate helpful posts.
09-05-2013 05:27 AM
He wants to have different public IPs for each internal interface. So we need four NAT-Pools:
nat (INT1) 1 Net1/mask
nat (INT2) 2 Net2/mask
nat (INT3) 3 Net3/mask
nat (INT4) 4 Net4/mask
global (outside) 1 IP1
global (outside) 2 IP2
global (outside) 3 IP3
global (outside) 4 IP4
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
09-05-2013 05:39 AM
Hi Karsten,
Oops, my fault, I didn't read carefully what Jens wanted to achieve.
Regards
Alain
Don't forget to rate helpful posts.
09-05-2013 04:42 PM
Thank you both for spending your time to help me :-)
Well, I just realised that we're running version 9.1 and the NAT has changed - no global command. Any chance you know how to accomplish your solution in v9.1?
Best
Jns
09-05-2013 08:30 PM
Hello Jens,
object network Lan_1
 subnet 192.168.10.0 255.255.255.0
object network Lan_2
 subnet 192.168.20.0 255.255.255.0
object network Pool_1
 range 50.50.50.1 50.50.50.10
object network Pool_2
 range 100.100.100.1 100.100.100.10
Then the NAT
nat (inside,outside) source dynamic Lan_1 Pool_1
nat (dmz,outside) source dynamic Lan_2 Pool_2
I think you get the idea
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
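Putting the thread together for 9.1, as an added example that is not part of any post above: dynamic PAT to one public address per internal interface using object NAT, plus the same-security-level isolation Alain describes. Interface names INT1 to INT4 and OUT follow Alain's example; the port name, security level 50, object names and all addresses (203.0.113.x and 198.51.100.x are documentation ranges) are assumptions.

```cisco
! Added example with constructed names and addresses; substitute your own.
!
! --- Isolation -------------------------------------------------------------
! Give every internal interface the SAME security level. Pattern for INT1
! (port name assumed); repeat for INT2, INT3 and INT4 with security-level 50.
interface Ethernet0/1
 nameif INT1
 security-level 50
 ip address 192.168.1.1 255.255.255.0
!
! Equal-level interfaces can only talk to each other when this permit is
! present, so make sure it is absent from the configuration.
no same-security-traffic permit inter-interface
!
! --- One public address per internal network (dynamic PAT, 8.3+ syntax) ----
! A single mapped IP after "dynamic" makes the rule a PAT rule.
object network NET1
 subnet 192.168.1.0 255.255.255.0
 nat (INT1,OUT) dynamic 203.0.113.11
object network NET2
 subnet 192.168.2.0 255.255.255.0
 nat (INT2,OUT) dynamic 203.0.113.12
object network NET3
 subnet 192.168.3.0 255.255.255.0
 nat (INT3,OUT) dynamic 203.0.113.13
object network NET4
 subnet 192.168.4.0 255.255.255.0
 nat (INT4,OUT) dynamic 203.0.113.14
!
! --- Verification (run from privileged EXEC) ---------------------------------
! Confirm the inter-interface permit is not configured (expect no output).
show running-config same-security-traffic
! Confirm each rule and its hit counters.
show nat detail
! After generating traffic, confirm each source network uses its own address.
show xlate
! Simulated outbound flow from INT1: should be allowed and translated
! to 203.0.113.11.
packet-tracer input INT1 tcp 192.168.1.10 40000 198.51.100.20 80
! Simulated flow from INT1 to a host behind INT2: should be dropped.
packet-tracer input INT1 tcp 192.168.1.10 40000 192.168.2.10 80
```

The mapped addresses must come from the range the ISP routes to the outside interface, and each should be used by only one NAT rule so that outbound sessions from different interfaces stay distinguishable in logs.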