how enable the access local lan

mafija1975 · ‎01-20-2012

i have configuration my network infrastructure with the asa5505 like on image. i want that my users from lan 10.13.10.0/24 can to access to my LAN 192.168.0.0/24. can i use just routing or i must to use site to site VPN. how can i do it? how configure my asa 5505.on my LAN1 there's DHCP. From LAN side of my asa5505 i must disable DHCP.In my LAN1 i have DNS,Domain Controller. The users from my LAN3 need to access to LAN1 because of authentication and access to resources and programs. i attached my picture with configuration.

Plz help me

Thnks

cadet alain · ‎01-20-2012

Hi,

if LAN3 interface is configured with a higher security level than LAN1 then you can initiate communication from LAN3 through the ASA to LAN 1 and the return traffic will pass through without any problem with one exception which is ICMP( like ping for example).

For this ICMP return traffic you can do 2 things:

-enable ICMP inspection in global config

- configure an ACL permitting this traffic and apply it inbound on the lower security level interface

Concerning NAT, as the default is now no nat-control it is not mandatory anymore for traffic to pass through.

Regards.

Alain

Don't forget to rate helpful posts.

rizwanr74 · ‎01-20-2012

If you are running Firewall image version 8.25 or lower, the below config will do, what you want to do.

---------------------------------------------------------------------------------------------------------------------

access-list acl-ALLOW-NAT extended permit ip 10.13.10.0 255.255.255.0 any

global (outside) 1 interface
nat (inside) 1 access-list acl-ALLOW-NAT

route inside 10.13.10.0 255.255.255.0 10.13.74.1

--------------------------------------------------------------------------------------------------------------------

What is your firewall image version?

Thanks

Rizwan Rafeek