06-19-2017 12:50 AM - edited 03-08-2019 11:01 AM
Hello,
I have an ASA 5505 Firewall with a Base License which I want to place between my Router and Switch. My Router acts as the DHCP Server of my 192.168.0.x network and it has a link to a remote server in a 10.10.50.x network. Will I need to upgrade the license to support my network? Which ports should I allow on the Firewall to enable DHCP requests to get to network devices? Also, I need to enable my network PCs to reach the remote server using Remote Desktop.
06-19-2017 03:05 AM
Hi,
You do not need to upgrade the code on the firewall; the base licence should be fine for your setup.
Have a look at the following docs for configuring your firewall:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/interface_start_5505.html
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/basic_dhcp.html
You will need to give us more details on your network setup to determine the access list and routes required. Will the router/switch be on the inside or outside of the firewall?
Thanks
John
06-19-2017 04:10 AM
The Router is on the Outside of the Firewall.
06-19-2017 04:59 AM
The client network consists of a Cisco 1941 Router and a 24-port D-Link Switch. The ISPs connect to the router to provide access to the Internet and they also have a backup link on the router.
The router also has another WAN link to a remote Server.
The remote Server is in a 10.10.50.x Network while my Internal network is a 192.168.0.x Network.
06-21-2017 08:29 AM
I am assuming you are using NAT on the ASA. You will have to move the DHCP for the clients onto the ASA. Connect the router to port eth0/0 and the switch to port eth0/1. The link between the router and the firewall will be subnet 192.168.1.0/24, with the router interface 192.168.1.2 and the firewall end 192.168.1.1. Below is a sample config of the ASA using PAT:
interface vlan 100
 nameif outside
 security-level 0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
interface vlan 200
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
 no shutdown
interface ethernet 0/0
 description 1941-Router
 switchport access vlan 100
 no shutdown
interface ethernet 0/1
 description DLINK-SWITCH
 switchport access vlan 200
 no shutdown
dhcpd address 192.168.0.101-192.168.0.210 inside
dhcpd dns 192.168.0.10 192.168.0.11
dhcpd wins 192.168.0.10
dhcpd option 3 ip 192.168.0.1
dhcpd domain example.com
dhcpd enable inside
route outside 0.0.0.0 0.0.0.0 192.168.1.2
object network my-inside-net
 subnet 192.168.0.0 255.255.255.0
 nat (inside,outside) dynamic interface
Thanks
John
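As an added example (not part of the original thread and not Cisco code), this Python check cross-validates the addressing in the sample config posted above: the DHCP pool and option 3 against the inside interface, the default route next hop against the outside subnet, and the network object against the inside network. The `parse` and `check` helpers are hypothetical names, the sample text is a constructed excerpt of the posted config, and the parser assumes routed mode and understands only the commands shown.

```python
import ipaddress as ip
# Constructed sample: the address-bearing lines of the config posted above.
SAMPLE = """interface vlan 100
 nameif outside
 ip address 192.168.1.1 255.255.255.0
interface vlan 200
 nameif inside
 ip address 192.168.0.1 255.255.255.0
dhcpd address 192.168.0.101-192.168.0.210 inside
dhcpd option 3 ip 192.168.0.1
route outside 0.0.0.0 0.0.0.0 192.168.1.2
object network my-inside-net
 subnet 192.168.0.0 255.255.255.0
"""

def parse(cfg):
    """Collect interface addresses, DHCP pool, option 3, default route, object subnets."""
    c, name = {"ifaces": {}, "subnets": []}, None
    for w in (line.split() for line in cfg.splitlines() if line.strip()):
        if w[0] == "nameif":
            name = w[1]
        elif w[:2] == ["ip", "address"] and name:
            c["ifaces"][name] = ip.ip_interface(f"{w[2]}/{w[3]}")
        elif w[:2] == ["dhcpd", "address"]:
            lo, hi = w[2].split("-")
            c["pool"] = (ip.ip_address(lo), ip.ip_address(hi), w[3])
        elif w[:3] == ["dhcpd", "option", "3"]:
            c["gateway"] = ip.ip_address(w[4])
        elif w[0] == "route" and w[2:4] == ["0.0.0.0", "0.0.0.0"]:
            c["default"] = (w[1], ip.ip_address(w[4]))
        elif w[0] == "subnet":
            c["subnets"].append(ip.ip_network(f"{w[1]}/{w[2]}"))
    return c

def check(cfg):
    """Return a list of inconsistencies; empty means the addressing lines up."""
    c, bad = parse(cfg), []
    lo, hi, pool_if = c["pool"]
    inside = c["ifaces"][pool_if]          # interface the DHCP pool is bound to
    if not (lo <= hi and lo in inside.network and hi in inside.network) or lo <= inside.ip <= hi:
        bad.append("DHCP pool is outside the subnet or overlaps the firewall address")
    if c.get("gateway") != inside.ip:
        bad.append("DHCP option 3 does not point at the firewall inside address")
    via, hop = c["default"]
    if hop not in c["ifaces"][via].network or hop == c["ifaces"][via].ip:
        bad.append("default route next hop is not a neighbour on that interface")
    if inside.network not in c["subnets"]:
        bad.append("no network object covers the inside subnet for PAT")
    return bad
```

Calling `check(SAMPLE)` returns an empty list for the posted addressing; a mismatch, such as option 3 pointing at the router instead of the ASA inside address, appears as a message in the returned list.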
06-22-2017 01:47 AM
Thanks, John, for the detailed reply.
I am using NAT on the Router and would want DHCP to remain on the router.
What will be the changes?
06-22-2017 02:17 AM
The ASA is in Transparent mode.
07-03-2017 05:08 AM
Hi,
I need help.
I am short on budget and need to bring up a Data Room.
Can you suggest whether the following topology is supported when using the ASA 5505?
Router Router
ASA 5505 ASA 5505
Server Server Server
Regards,
Rahul
07-04-2017 01:39 AM
Hello Rahulja,
Yes, you can work with the ASA 5505; it would support your topology.
07-04-2017 01:43 AM
Hi,
Thanks for the reply.
Can you point me to a reference document with configuration for the same?
Regards
07-04-2017 02:00 AM
These two links should work for you:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/interface_start_5505.html
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/basic_dhcp.html
Or you could just use the configs below that John sent me:
interface vlan 100
 nameif outside
 security-level 0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
interface vlan 200
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
 no shutdown
interface ethernet 0/0
 description 1941-Router
 switchport access vlan 100
 no shutdown
interface ethernet 0/1
 description DLINK-SWITCH
 switchport access vlan 200
 no shutdown
dhcpd address 192.168.0.101-192.168.0.210 inside
dhcpd dns 192.168.0.10 192.168.0.11
dhcpd wins 192.168.0.10
dhcpd option 3 ip 192.168.0.1
dhcpd domain example.com
dhcpd enable inside
route outside 0.0.0.0 0.0.0.0 192.168.1.2
object network my-inside-net
 subnet 192.168.0.0 255.255.255.0
 nat (inside,outside) dynamic interface