Hello Rahulja,

EVANS TONUI · ‎06-19-2017

Hello,

I have an ASA 5505 Firewall with a Base License which I want to place between my Router and Switch. My Router acts as the DHCP Server of my 192.168.0.x network and it has a link to a remote server in a 10.10.50.x network. Will I need to upgrade the license to support my network? Which ports should I allow on the Firewall to enable DHCP Requests to get to Network devices ? Also i need to enable my Network PCs to reach the Remote Server using Remote Desktop.

johnd2310 · ‎06-19-2017

Hi,

You do not need to upgrade the code on the firewall, base licence should be fine for you setup

Have a look at the following docs for configuring you firewall:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/interface_start_5505.html

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/basic_dhcp.html

You will need to give us more details on your network setup to determine the access list and routes required. Will the router/switch be on the inside or outside of the firewall?

Thanks

John

**Please rate posts you find helpful**

EVANS TONUI · ‎06-19-2017

The Router is on the Outside of the Firewall.

EVANS TONUI · ‎06-19-2017

The Client Network Consists Of a Cisco 1941 Router and a 24 Port Dlink Switch . The ISPs connect to the router to provide access to the Internet and they also have a Backup Link on the Router.

The router also has another WAN link to a remote Server.

The remote Server is in a 10.10.50.x Network while my Internal network is a 192.168.0.x Network.

johnd2310 · ‎06-21-2017

I am assuming you are using nat on the asa. You will have to move the dhcp for the clients onto the asa. connect the router to port eth0/0 and the switch to port eth0/1. The link between the router and the firewall will be subnet 192.168.1.0/24 with the router interface 192.168.1.2 and the firewall end 192.168.1.1 Below is a sample config of the asa using pat:

interface vlan 100
nameif outside
security-level 0
ip address 192.168.1.1 255.255.255.0
no shutdown

interface vlan 200
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
no shutdown

interface ethernet 0/0
description 1941-Router
switchport access vlan 100
no shutdown

interface ethernet 0/1
description DLINK-SWITCH
switchport access vlan 200
no shutdown

dhcpd address 192.168.0.101-192.168.0.210 inside
dhcpd dns 192.168.0.10 192.168.0.11
dhcpd wins 192.168.0.10
dhcpd option 3 ip 192.168.0.1
dhcpd domain example.com
dhcpd enable inside

route outside 0.0.0.0 0.0.0.0 192.168.1.2

object network my-inside-net
subnet 192.168.0.0 255.255.255.0
nat (inside,outside) dynamic interface

Thanks

John

**Please rate posts you find helpful**

EVANS TONUI · ‎06-22-2017

Thanks John for the Detailed Reply.

I am using NAT on the Router and would want Dhcp to remain on the router.

What will be the changes ?

EVANS TONUI · ‎06-22-2017

The asa is on Transparent mode

rahulja · ‎07-03-2017

Hi

I need help.

I am short on Budget and need to bring up a Data Room.

Can you suggest, if using ASA 5505 the following topology supported.

Router Router

ASA 5505 ASA 5505

Server Server Server

regards

Rahul

EVANS TONUI · ‎07-04-2017

Hello Rahulja,

Yes you can Work with the ASA 5505 , it would support your Topology

rahulja · ‎07-04-2017

Hi

thanks for the reply.

Can you point me to a reference document with Configuration for the same?