Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1504
Views
0
Helpful
7
Replies

ASA Question

crash5050
Level 1
Level 1

‎08-25-2011 03:17 PM - edited ‎03-07-2019 01:53 AM

I have a 5510 with an SSM-10 Card installed in it.

Router has a public IP on the outside

Router has 10.25.240.3 on the inside

ASA FA0/0 has 10.25.240.1 as the outside interface  which is the gateway address for my entire network, as I had a sidewinder firewall in there sitting at .1 prior to purchasing the ASA.

Currently the T1 line comes out of the router into a 3Com Switch, then off to the sidewinder, then back to a netgear switch on the inside of the network.

FA0/1 has 4 sub interfaces with all non routable IP address for my Virtual Vlans, FA0/2 has 10.26.240.1 on it for a DMZ network FA0/3 has nothing on it at the present time.

My question is this, if I come off my router into Fa0/0 on my ASA, how do I get the network back into my inside switches?  I shouldn't have to plug my router into a switch before it gets to my firewall?  Should I? 

I have probally mucked up this question, so if you need some more clarifications please post questions and I will try to answer.

Labels:
0 Helpful
7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

‎08-25-2011 04:27 PM

David

I'm not sure i follow. The topology should be -

netgear switch -> fa0/1 ASA fa0/0 -> 3com -> router

Jon

0 Helpful

crash5050
Level 1
Level 1
In response to Jon Marshall

‎08-25-2011 06:09 PM

Now I am more confused....

4 ports on the ASA

Fa0/0 10.25.240.1 with a static route to 10.25.240.3 (Router inside IP)

Fa0/1 no IP

fa0/1.1 10.0.10.1 vlan 801

fa0/1.2 10.0.20.1 vlan 802

fa0/1.3 192.168.255.1 vlan 803

fa0/1.4 10.25.241.1 vlan 804

fa0/2 10.26.240.1

fa0/3 no ip

shutdown

Router (cisco 1700) cat 5 cable coming out of it

Cisco 2960 Switch

Do I need to configure fa0/3 to a 10.25.240.x ip address?  and then plug it back into the switch?

0 Helpful

Florin Barhala
Level 6
Level 6
In response to crash5050

‎08-26-2011 12:57 AM

Can you please post a small drawing of your network?

0 Helpful

crash5050
Level 1
Level 1
In response to Florin Barhala

‎08-26-2011 06:09 PM

Here is a visio and a PNG file,  This is the proposed end state that I need to obtain.  All of the L3 Routing and DMZ stuff works on the inside, I just can't figure out how to get it to the outside.  I have probally just looked at it too  much and cant see the forrest for the trees, but I am perplexed.

David

Preview file
94 KB
0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to crash5050

‎08-27-2011 01:19 AM

David

I am still not following what the problem is. When you say -

My question is this, if I come off my router into Fa0/0 on my ASA, how do I get the network back into my inside switches?

what "network" are you referring to ?

with this sort of setup you have your internal network(s) and then you have an interface on the ASA connected to the inside network. You then have the outside interface of the ASA connecting to the router which connects you to the internet.

Do you mean the network with public IPs ?

Can you use the quick schematic i did in my previous post and add in some IP addressing or use your diagram and indicate which network you are referring to.

Jon

0 Helpful

crash5050
Level 1
Level 1
In response to Jon Marshall

‎08-27-2011 02:52 AM

Maybe I am using the wrong terms here.  Everything works on the inside of the ASA, all Networks talk to where they are suppose to.  I plug a cable into Fa0/1 all of my vlans come up and I can ping, scp, ssh, all that good stuff across all of the vlans.  FA0/0 with 10.25.240.1 will be the gateway address for all outbound and inbound connections from the Internet for the 10.25.240.0/24 network.  I guess my question is, do I plug the inbound Internet into the switch, then the fa0/0 into the switch, or inbound directly into the ASA then configure another port on the same subnet to go back to the switch.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to crash5050

‎08-27-2011 03:07 AM

David

I guess my question is, do I plug the inbound Internet into the switch, then the fa0/0 into the switch, or inbound directly into the ASA then configure another port on the same subnet to go back to the switch.

When you refer to the switch you mean the 3com switch on the outside, not any switches inside ?

You can do either of the above and there are pros and cons to each. I'll cover these once i fully understand your question but again part of your question confuses me. If you connect the router to 3com and the ASA to the 3com then fine.

But then you say if you connected the router directly to the ASA you would need to "configure another port on the same subnet to go back to the switch."

Can you explain the thinking behind this statement. Why would you need to configure another port ?

Because from your diagram there is nothing connected to the outside switch other than the 3com and the ASA.

I am missing something here but i am not sure what it is ?

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card