Adding subnets to ASA 5505 basic

ken.hoover1
Level 1

I am very new to configuring firewalls. I will be adding virtual servers to our network that attach to a Layer 3 HP 2920 switch.  There are also subnets configured on the switch (for the virtual cluster). I need to know how to configure my ASA 5505 firewall to allow these subnets to talk to the domain and be protected.  I have attached a network diagram of sorts.  I would prefer to perform the configuration via the ASDM, if possible, as I have never been good at CLI.

Any help would be greatly appreciated.  I inherited this task and have never configured a firewall before.  Can this be done with a basic license?

Accepted Solution

With the subnet mask of 255.255.255.255 you have added host specific routes. If you want to route the subnet then you need to change the subnet mask in the routes. Probably it would be 255.255.255.0 but the specifics of the mask depend on how you have designed your subnetting. But the screen shot shows that you are on the right path.

HTH

Rick


23 Replies

Philip D'Ath
VIP Alumni

It sounds like you are needing a complete solution.  I think you might be better off contacting a Cisco Partner.  Below is the Cisco Partner Locator tool.

https://tools.cisco.com/WWChannels/LOCATR/openBasicSearch.do

kbamehriz
Level 1

Dear Ken,

Here you have to do NATting and define an access list for those subnets which need to talk to the domain. Let me know if you need further assistance.

I would love all the assistance that I can get. I took over the IT position without being shown any of our network, and although we are a small company, it has been over 10 years since I have done anything. I have never worked with routers. Is there any information that I need to provide?

Ken

You mention a L3 switch in your network but then talk about setting up subnets on the firewall.

Do you want the L3 switch to route between some subnets but the firewall to route between others?

Or do you just want the firewall to connect your network to the internet?

In addition your diagram shows no connection between the HP switch and the rest of the network.

Do you just want outbound internet access or do you want some servers to be accessible from the internet?

This sounds like quite a bit of work but we need to understand what you are trying to achieve before we can point you in the right direction.

Finally, what is the software version on your ASA?

By the way I don't use ASDM, never liked it, so any help I can give will be with CLI.

Jon

The title of the original post mentions 5505 Basic. I am not clear whether the Basic refers to the license of this ASA or is about something else. But one thing to remember is that the 5505 with a Basic license has a pretty severe restriction on vlan configuration. Especially if this ASA does have the Basic license then the routing between vlans needs to be done on the L3 switch and not on the ASA.

HTH

Rick


I apologize for the error on the diagram. The L3 switch (HP 2920) will be configured for the subnets. The subnets are not on the domain, per se.  I will be running virtual servers that will replace all of the servers on the diagram except the Domain Controllers. The ASA version is 7.2(2) and the ASDM version is 5.2(4)52.  I am setting up the hardware for our upgrade on our slot monitoring system.

I will need these virtual servers to be able to receive updates via the web, but there is no other reason for them to access the Internet. The subnets do need to talk to each other, however. I believe that the L3 switch routes the subnets, but I am not sure. Our slot system manufacturer configured all this at our other casino, but they no longer perform the configurations, so I am trying to copy what they have done, as our two houses are virtually identical. The only difference is our other casino is using a D-Link firewall instead of the ASA.

Do the servers initiate connections to get the updates, or can the updates be initiated from devices on the internet?

If the servers initiate the connections then it sounds like you simply need to setup your ASA to allow outbound connections to the internet.

If so and you are routing all your vlans on the HP switch then it should be a relatively simple thing to setup.

One last question: how is internet access currently working, or is it not?

Jon

The servers should initiate the connection for updates and the HP switch routes the VLANs. The Internet connection, I believe, comes into the ASA, and then the network switch is connected to the ASA (the T1 box is located in the basement and I have not traced the cabling to verify this).

So is the ASA currently configured for anything, i.e. does the site have internet access currently?

Should be able to get this working but need to understand where you are with it at the moment.

Jon

Sorry for the delay, but I am the only IT guy in our company and I was dragged away to another project.  The ASA is currently set to allow remote access to one computer on the network and provide internet to the rest of the network. The IP address of the ASA is 10.10.0.3. 

The L3 switch is configured with an IP address of 10.10.0.108 (static). The switch contains 10 VLANs, with the default VLAN set to the current network. The other VLANs are configured on the switch as 10.10.10.xx, 10.10.20.xx, 10.10.30.xx, and so on.

I understand that I need to set the ASA NAT routing to allow these subnets to access the internet for updates, but that is where I am stuck.

We sympathize that sometimes we get pulled away from one project because other things need attention. If you are now back to having time for the ASA project we are ready to provide suggestions.

When you say that the ASA is set up to provide remote access to one computer on the network, is it correct to understand that this is remote access from the Internet or is it perhaps remote from somewhere else? And if the ASA is already providing Internet access to the rest of the network then much of the work is already done. I would think that at this point the main thing would be to configure routing on the ASA to recognize the new subnets that will be introduced with the L3 switch doing their routing and forwarding their traffic to the ASA and to configure address translation for the new subnets.

It will make it much easier for us to provide good advice if you can share with us the current configuration of the ASA (obscuring or changing public IP addresses and any other sensitive information).

HTH

Rick

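The accepted answer (routes need the subnet mask, not the 255.255.255.255 host mask) and Rick's post above (static routes toward the L3 switch plus address translation for the new subnets) describe the same two pieces of ASA configuration. As an added example that is not part of this thread or anyone's posted config, the Python below generates ASA 7.2-style `route`, `nat` and `global` lines for the VLAN subnets Ken listed and checks a pasted `route` line for the host-route mistake. The interface names `inside`/`outside`, NAT id 1, the route metric and the /24 masks are assumptions; only the L3 switch address 10.10.0.108 and the 10.10.x.0 subnets come from the thread.

```python
import ipaddress
from typing import List, Tuple

# Constructed input, taken from the thread: the HP 2920 (10.10.0.108) routes
# the VLAN subnets 10.10.10.x, 10.10.20.x, 10.10.30.x and so on. The /24 masks
# are an assumption (the accepted answer guesses 255.255.255.0 too).
L3_SWITCH = "10.10.0.108"
VLAN_SUBNETS = ["10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24"]


def parse_route(line: str) -> Tuple[str, ipaddress.IPv4Network, str]:
    """Parse an ASA 'route <if> <net> <mask> <gw> [metric]' line.

    Returns (interface, network, gateway). Raises ValueError when the
    network/mask pair is not a valid network (host bits set in <net>).
    """
    parts = line.split()
    if len(parts) < 5 or parts[0] != "route":
        raise ValueError(f"not a route statement: {line!r}")
    iface, net, mask, gw = parts[1:5]
    # strict=True rejects e.g. 10.10.10.5 with mask 255.255.255.0
    network = ipaddress.IPv4Network(f"{net}/{mask}", strict=True)
    return iface, network, gw


def check_routes(lines: List[str]) -> List[str]:
    """Return one finding per route line that will not reach a whole VLAN.

    A 255.255.255.255 mask is a host route: only that single address is sent
    to the L3 switch, not the subnet behind it. That is the mistake the
    accepted answer points out in the posted screenshot.
    """
    findings = []
    for line in lines:
        try:
            iface, network, gw = parse_route(line)
        except ValueError as exc:
            findings.append(f"invalid: {exc}")
            continue
        if network.prefixlen == 32:
            findings.append(
                f"host route {network.network_address} via {gw} on {iface}: "
                f"mask 255.255.255.255 covers one address only; use the subnet mask"
            )
    return findings


def asa_config(subnets: List[str], next_hop: str, inside: str = "inside",
               outside: str = "outside", nat_id: int = 1) -> List[str]:
    """Emit ASA 7.2-style static routes and dynamic PAT for the VLAN subnets.

    Interface names, nat_id and the metric of 1 are assumptions for this
    example, not values from the thread.
    """
    out = []
    for s in subnets:
        n = ipaddress.IPv4Network(s, strict=True)
        # Return traffic for the VLAN goes back to the L3 switch, not to the
        # ASA's directly connected inside network.
        out.append(f"route {inside} {n.network_address} {n.netmask} {next_hop} 1")
    for s in subnets:
        n = ipaddress.IPv4Network(s, strict=True)
        # Mark the VLAN subnet as eligible for translation under nat_id.
        out.append(f"nat ({inside}) {nat_id} {n.network_address} {n.netmask}")
    # Translate everything in nat_id to the outside interface address (PAT).
    out.append(f"global ({outside}) {nat_id} interface")
    return out


if __name__ == "__main__":
    # Constructed example of the mistake from the accepted answer.
    for f in check_routes(["route inside 10.10.10.0 255.255.255.255 10.10.0.108 1"]):
        print(f)
    print("\n".join(asa_config(VLAN_SUBNETS, L3_SWITCH)))
```

Two caveats that belong with the generated lines: the `nat (inside) <id> ...` / `global (outside) <id> interface` form is the pre-8.3 NAT syntax, which matches the 7.2(2) ASA in this thread but not ASAs running 8.3 or later, and the L3 switch still needs its own default route pointing at the ASA's inside address (10.10.0.3 here) so that the VLANs' outbound traffic reaches the firewall in the first place. Inside-to-outside traffic from the higher-security interface needs no access list by default on that release, so with the routes and translation in place the servers can initiate their update connections.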

Thank you for your help. I have attached 2 print screens of the configuration of the ASA. Please let me know if you need anything else.

Your screen shots do clarify what your access policies are. They do not shed any light on the two areas I identified where you will need to change things: routing to the inside networks, and address translation.

HTH

Rick


Sorry, I am new to this. Here are the screen shots for Routing and NAT.