02-02-2016 12:57 PM - edited 03-08-2019 04:26 AM
I am very new to configuring firewalls. I will be adding virtual servers to our network that attach to a Layer 3 HP 2920 switch. There are also subnets configured on the switch (for the virtual cluster). I need to know how to configure my ASA 5505 firewall to allow these subnets to talk to the domain and be protected. I have attached a network diagram of sorts. I would prefer to perform the configuration via the ASDM, if possible, as I have never been good at CLI.
Any help would be greatly appreciated. I inherited this task and have never configured a firewall before. Can this be done with a basic license?
02-22-2016 11:26 AM
These screen shots are helpful. The good news is that the way your dynamic NAT rule is set up will work just fine as it is for the new subnets, as you add them. So there is no additional configuration required for address translation.
The screen shot for routing shows routing for the connected inside network to outside. As you add more subnets inside your network you will need to configure routing on the ASA to reach those subnets through the inside interface.
HTH
Rick
02-22-2016 01:10 PM
02-22-2016 01:17 PM
With the subnet mask of 255.255.255.255 you have added host specific routes. If you want to route the subnet then you need to change the subnet mask in the routes. Probably it would be 255.255.255.0 but the specifics of the mask depend on how you have designed your subnetting. But the screen shot shows that you are on the right path.
HTH
Rick
02-22-2016 02:46 PM
Thank you so much for all your help. I will continue on this path and see if everything can connect once configured. Thanks again!!
02-22-2016 03:23 PM
You are welcome. These forums are a very good place to learn about Cisco networking and I hope that you will continue to participate in the forums. I am glad that our suggestions were helpful. Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to find discussions with helpful content.
HTH
Rick
02-08-2016 10:49 PM
Kindly share the sh run of the ASA as well as the network diagram, along with IP details and which host connects to which, and also which services (L4 port numbers) the communication uses.
03-03-2016 12:44 PM
I have added another screen shot showing what I have thus far. The switch IP address/subnet mask/gateway is 10.10.0.1/255.255.255.0/10.10.0.3.
I have about 9 subnets, each configured like so: 10.10.30.1/255.255.255.0/10.10.0.3, and so on. One of the replies mentioned having to do NATting, but I am not sure how to do that on this firewall. I have routing enabled on the switch, but still cannot get traffic to flow. Help please!!
03-06-2016 02:47 PM
What is shown in this screenshot is mostly correct. I will point out that what you say about subnet 10.10.30.0 in this post is different from what you have for that network in the screen shot. There are three entries in the screen shot which seem to be not correct, and two of them are mentioned in a previous post in this thread. For subnets 10.10.30 and 10.10.50 you have an incorrect subnet mask and incorrect gateway. I am not sure what you are doing with subnet 10.0.100.16. I do not see how this subnet could be logically reached through the outside interface and the next hop address/gateway of 10.0.100.1 would not seem to be reachable given what we see in the screen shots.
I also note that in previous posts you told us that the switch address was 10.10.0.108. Is that switch address really now changed to 10.10.0.1?
What you showed in a previous screen shot was that NAT was configured. If the configuration of NAT is still what was shown in that screen shot then the traffic for these VLANs should work with NAT OK.
HTH
Rick
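The route problems discussed in this thread (a 255.255.255.255 mask creating a host route, a destination that is not a network address, and a next hop that cannot be reached through the named interface) can be checked mechanically before the entries are applied. The following is an added example, not part of any post in the thread; the interface addresses and route entries are constructed sample data modelled on the addresses mentioned above.

```python
import ipaddress

# Constructed sample data. Assumption: the ASA inside interface is 10.10.0.3/24
# (the gateway the switch points to); the outside address is a documentation range.
CONNECTED = {
    "inside": ipaddress.ip_interface("10.10.0.3/24"),
    "outside": ipaddress.ip_interface("203.0.113.2/30"),
}

# (interface, destination, mask, gateway) as they would be entered as static routes.
ROUTES = [
    ("inside", "10.10.30.1", "255.255.255.255", "10.10.0.1"),
    ("inside", "10.10.40.0", "255.255.255.0", "10.10.0.1"),
    ("inside", "10.10.50.1", "255.255.255.0", "10.10.0.1"),
    ("outside", "10.0.100.16", "255.255.255.240", "10.0.100.1"),
]

def check_route(ifname, dest, mask, gateway, connected=CONNECTED):
    """Return a list of findings for one static route (empty list = looks sane)."""
    findings = []
    # strict=False lets us parse entries whose destination has host bits set.
    net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
    if net.prefixlen == 32:
        findings.append("host route: mask 255.255.255.255 covers a single address")
    elif ipaddress.ip_address(dest) != net.network_address:
        findings.append(f"destination has host bits set; subnet is {net.with_netmask}")
    iface = connected.get(ifname)
    if iface is None:
        findings.append(f"unknown interface {ifname}")
    elif ipaddress.ip_address(gateway) not in iface.network:
        # A next hop must sit on the subnet directly connected to that interface.
        findings.append(f"gateway {gateway} is not on {ifname} network {iface.network}")
    elif ipaddress.ip_address(gateway) == iface.ip:
        findings.append("gateway is the firewall's own interface address")
    return findings

def audit(routes=ROUTES):
    """Map each route tuple to its list of findings."""
    return {r: check_route(*r) for r in routes}

if __name__ == "__main__":
    for route, findings in audit().items():
        print(route, "->", findings or "ok")
```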
03-06-2016 07:43 AM