12-02-2014 07:44 AM - edited 03-05-2019 12:16 AM
I have three external IPs, call them 10.0.0.3-5, from my service provider. I would like to have two internal networks, 192.168.10.x and 192.168.9.x with my servers on .9.x and my desktops on .10.x. Currently all my servers are still on 10.x so my configuration is all on that network.
I have PATs and ACLs allowing and directing the traffic to the proper IPs inside. I need to have the internal server reply out the same external IP.
Any help is appreciated.
12-02-2014 01:43 PM
It looks like for starters you need to add a third VLAN to your config. You've got outside 10.x and inside 192.168.10.x, and you want a third network for 192.168.9.x.
The ASA5505 by default supports only two fully functional VLANs with the option to add a third restricted VLAN.
So you'll need something like this setup for starters. This will allow you to set up three different networks on your ASA5505. The Outside interface has been restricted so that it is not allowed to initiate traffic with VLAN1.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan3
 nameif Servers
 security-level 90
 ip address 192.168.9.1 255.255.255.0
!
interface Vlan2
 no forward interface Vlan1
 nameif outside
 security-level 0
 ip address 10.0.0.3 255.255.255.248
!
12-03-2014 12:27 PM
I was planning on the 3rd VLAN, but will the lower security level prevent traffic from Vlan3 to Vlan2? Do I just add an access list for 9.x to 10.x?
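An added example, not written by any poster in this thread: a small Python audit that parses the interface stanzas from the reply above and computes which interface may initiate traffic to which under ASA defaults (a higher security level may initiate to a lower one; `no forward interface` blocks initiation toward the named VLAN). It assumes no ACLs, no NAT requirements and no `same-security-traffic` command are in play, and the function names are hypothetical.

```python
import re

# Constructed sample: the stanzas posted above, with the "ip address" lines omitted.
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan3
 nameif Servers
 security-level 90
!
interface Vlan2
 no forward interface Vlan1
 nameif outside
 security-level 0
!
"""

def parse_interfaces(config):
    """Return {vlan: {nameif, level, no_forward}}; assumes each stanza sets both."""
    ifaces, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"nameif": None, "level": None, "no_forward": set()})
        elif cur is None or line == "!":
            cur = None  # outside any interface stanza
        elif m := re.fullmatch(r"nameif (\S+)", line):
            cur["nameif"] = m[1]
        elif m := re.fullmatch(r"security-level (\d+)", line):
            cur["level"] = int(m[1])
        elif m := re.fullmatch(r"no forward interface (\S+)", line):
            cur["no_forward"].add(m[1])
    return ifaces

def default_initiate(ifaces, src, dst):
    """(allowed, reason) for src initiating a connection to dst with no ACLs applied."""
    s, d = ifaces[src], ifaces[dst]
    if dst in s["no_forward"]:
        return False, "blocked by no forward interface"
    if s["level"] > d["level"]:
        return True, "higher to lower security level"
    return False, "denied by default, needs an explicit permit"

def flow_matrix(config):
    """Map (source nameif, destination nameif) to the default_initiate() verdict."""
    ifaces = parse_interfaces(config)
    return {(ifaces[a]["nameif"], ifaces[b]["nameif"]): default_initiate(ifaces, a, b)
            for a in ifaces for b in ifaces if a != b}
```

Calling `flow_matrix(SAMPLE)` gives one verdict per ordered interface pair, so the Servers-to-outside case asked about above can be read off directly.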