cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
763
Views
0
Helpful
4
Replies

Setup Cisco ASA 5506-X with FirePOWER routers

sim-network
Level 1
Level 1

Hello,

I will try as simple as possible to explain how I want to set up the router, what is cureently being done and what are the problems.

It is currently only one range, soon will be needed and another range of address but to be completely equal to the current one.
On our router the rule is: when someone wants to approach on our local network must have LAN. Internet access is blocked for everyone.

https://ibb.co/niRNon

In Firewall in Objects> Network Objects/Groups, we have group by name "Group_which_is_ have_net"
When the device is connected to a LAN network, we get the IP I'm entering into this group, we give the name for device and after that he gets a pass on the internet.

https://ibb.co/d2dUZS

The problems are when these devices (which I do not link to MAC anywhere, but I just passed through IP) are off the network and DHCP Lease lenght expires we've put in 5 days.
These devices, when they come back to the network after that time, get a new IP and router that which I passed on Internet and give by name for example: should not have access to the Internet. It's chaos.

https://ibb.co/kS2Z17

Before we had an router, the set up was similary (Cisco RV320 Dual Gigabit WAN VPN Router), but when I put someone on the the list on Internet, I had to link IP for MAC (DHCP was refreshing every two hours),
some devices was out of network for few months and when they come back, they always got the same IP address. This router was replaced because it had limitations, after a certain number of omissions,
it fired the fatal error where i need to delete someone else to let go and it went down constantly so it had to physically restart so we got a recommendation for buying this now model.

This is first step and very important an emergency because 12.5. DHCP Lease Lenght will expire for almost 50 computers.

In addition to this rule, which is very important for me, I would like to create a group that has access to the Internet but with some blockages to some sites.
I also need a group that has a blocked net, but have access to e-mail (mail server is leased to one hosting server and we access mail clients via IMAP some POP3 settings, outgoing and incoming ports they are known to us:: e-mail.namecompany.biz)

Thanks in advance everyone, who wanna help. I really appreiciate that.

1 Accepted Solution

Accepted Solutions

Seems ASA cannot support DHCP reservation so you're left with DHCP relay and using an external DHCP server.

View solution in original post

4 Replies 4

Florin Barhala
Level 6
Level 6
Why aren't you using DHCP reservations for each and every client?

That's exactly what I want to do.
Where is the definition of that address on this router?
And can it be linked to the mac address, so that the device when it is long time out of network after it returns again, get it the same IP, not the new one.

Seems ASA cannot support DHCP reservation so you're left with DHCP relay and using an external DHCP server.

Thanks for support and your time, we really appreicate that.
Review Cisco Networking for a $25 gift card