Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
702
Views
0
Helpful
5
Replies

ASA5505 to ASA5505 direct connection on inside network, help. (not vpn)

Go to solution
chinsayab
Level 1
Level 1

‎08-28-2012 09:38 AM - edited ‎03-07-2019 08:34 AM

Hello everyone,

I will begin to tell that i'm very close to noob status in this area.

I will try to explain my problem for you, and see if anyone can help me.

The setup is like this:

I have to different cabinets, A and B , each cabinet has a ASA5505 connected to an ISP, a layer 2 switch and some servers.

Each cabinet has it's own subnet.

Between these cabinets is a cat cable. (not connected yet)

The goal is for the servers in each cabinet to be able to communicate to eachother without accessing the internet.

Should this just be a matter of connecting the two ASA's and it will find the subnet on the other side?

Do I have to add some static routes?

NAT's?

ACL changes?

Please point me in the right direction.

I have attached a picture explaining the setup.

Thanks in advance.

Martin

Labels:
Preview file
31 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to chinsayab

‎08-29-2012 02:37 AM

You have to configure on both ASAs a new VLAN, with a new subnet. This can be used as a transfer network between the ASAs. The static routes point to the other sides IP in that subnet. The ACLs on these new VLAN-interfaces have to permit the needed traffic and the NAT has to be adjusted with NAT-Excemption.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
5 Replies 5

Go to solution
dominic.caron
Level 5
Level 5

‎08-28-2012 10:53 AM

You connect the cable, add a static route on both ASA and add ACL to the new interface to permit trafic between the two firewall. It's pretty simple, no hidden trick here.

0 Helpful

Go to solution
chinsayab
Level 1
Level 1
In response to dominic.caron

‎08-28-2012 11:09 AM

Thanks!, i'll try that.

Might get back with more questions.

/Martin

0 Helpful

Go to solution
chinsayab
Level 1
Level 1
In response to chinsayab

‎08-29-2012 02:09 AM

Hi Dominic,

It does not seem to work,

Shouldn't there be a problem when i connect a cable from  Vlan1 (10.0/24) on ASA-A to Vlan1 (70.0/24) on ASA-B ?

If I look in the ARP and routing tables, the ASA does not "see" the network on the other side.

Thanks again!

/Martin

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to chinsayab

‎08-29-2012 02:37 AM

You have to configure on both ASAs a new VLAN, with a new subnet. This can be used as a transfer network between the ASAs. The static routes point to the other sides IP in that subnet. The ACLs on these new VLAN-interfaces have to permit the needed traffic and the NAT has to be adjusted with NAT-Excemption.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
chinsayab
Level 1
Level 1
In response to Karsten Iwen

‎08-29-2012 04:02 AM

Thanks Karsten! , it got it to work.

As you said, I added 1 vlan on each ASA, 

ASA A got 192.168.50.0/24 with ip 192.168.50.1

ASA B got 192.168.50.0/24 with ip 192.168.50.2

and I added the static routes

ASA A points to 192.168.50.2 when traffic is intended for the B network

ASA B points to 192.168.50.1 when traffic is intended for the A network

I allowed same security level networks to pass traffic to each other.

No NAT's where needed to make it work.

Next I will look into ACL to limit the traffic allowed between the networks.

Thanks all for your help.

Have a nice day!

/Martin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card