Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2295
Views
0
Helpful
23
Replies

Adding subnets to ASA 5505 basic

Go to solution
ken.hoover1
Level 1
Level 1

‎02-02-2016 12:57 PM - edited ‎03-08-2019 04:26 AM

I am very new to configuring firewalls. I will be adding virtual servers to our network that attach to a Layer 3 HP 2920 switch.  There are also subnets configured on the switch (for the virtual cluster). I need to know how to configure my ASA 5505 firewall to allow these subnets to talk to the domain and be protected.  I have attached a network diagram of sorts.  I would prefer to perform the configuration via the ASDM, if possible, as I have never been good at CLI.

Any help would be greatly appreciated.  I inherited this task and have never configured a firewall before.  Can this be done with a basic license?

Labels:
Preview file
156 KB
0 Helpful
23 Replies 23

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to ken.hoover1

‎02-22-2016 11:26 AM

These screen shots are helpful. The good news is that the way your dynamic NAT rule is set up will work just fine as it is for the new subnets, as you add them. So there is no additional configuration required for address translation.

The screen shot for routing shows routing for the connected inside network to outside. As you add more subnets inside your network you will need to configure routing on the ASA to reach those subnets through the inside interface.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
ken.hoover1
Level 1
Level 1
In response to Richard Burts

‎02-22-2016 01:10 PM

At least some of it is correct. I have attached a screen shot with two subnets added. Does this look correct. For example my switch IP is 10.10.0.108 and one of the subnets is 10.10.30.1

Preview file
83 KB
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to ken.hoover1

‎02-22-2016 01:17 PM

With the subnet mask of 255.255.255.255 you have added host specific routes. If you want to route the subnet then you need to change the subnet mask in the routes. Probably it would be 255.255.255.0 but the specifics of the mask depend on how you have designed your subnetting. But the screen shot shows that you are on the right path.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
ken.hoover1
Level 1
Level 1
In response to Richard Burts

‎02-22-2016 02:46 PM

Thank you so much for all your help. I will continue on this path and see if everything can connect once configured. Thanks again!!

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to ken.hoover1

‎02-22-2016 03:23 PM

You are welcome. These forums are a very good place to learn about Cisco networking and I hope that you will continue to participate in the forums. I am glad that our suggestions were helpful. Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to find discussions with helpful content.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
kbamehriz
Level 1
Level 1
In response to ken.hoover1

‎02-08-2016 10:49 PM

kindly share sh run of asa as while network diagram along with IP details and which host connect which, also communication in which service (L4 port numbers).

0 Helpful

Go to solution
ken.hoover1
Level 1
Level 1

‎03-03-2016 12:44 PM

I have added another screen shot showing what I have thus far. The switch IP address/subnet mask/gateway is 10.10.0.1/255.255.255.0/10.10.0.3.

I have about 9 subnets, each configured like so:  10.10.30.1/255.255.255.0/10.10.0.3, and so on. One of the replies mentioned having to do NATting, but I am not sure how to do that on this firewall.  I have routing enabled on the switch, but still cannot get traffic to flow.   Help please!!

Preview file
122 KB
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to ken.hoover1

‎03-06-2016 02:47 PM

What is shown in this screenshot is mostly correct. I will point out that what you say about subnet 10.10.30.0 in this post is different from what you have for that network in the screen shot. There are three entries in the screen shot which seem to be not correct, and two of them are mentioned in a previous post in this thread. For subnets 10.10.30 and 10.10.50 you have an incorrect subnet mask and incorrect gateway. I am not sure what you are doing with subnet 10.0.100.16. I do not see how this subnet could be logically reached through the outside interface and the next hop address/gateway of 10.0.100.1 would not seem to be reachable given what we see in the screen shots.

I also note that in previous posts you told us that the switch address was 10.10.0.108. Is that switch address really now changed to 10.10.0.1?

What you showed in a previous screen shot was that nat was configured. If the configuration of nat is still what was shown in that screen shot then these vlans traffic should work with nat ok.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
ken.hoover1
Level 1
Level 1

‎03-06-2016 07:43 AM

I have attached another network diagram of what I am trying to accomplish. Any help would be appreciated greatly.

Preview file
26 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card