
Insert ASA 5512X in Router 1921 Switch 2960 network

mquevedob
Level 1

Hi Guys,

I have a Router 1921 connected to the internet and a few 2960 switches connected to this router over trunk interfaces.

Is there an easy way to insert my ASA 5512X firewall into this configuration so that I don't have to change much of my configuration in the router?

 

Here is my router conf:

 

Current configuration : 3455 bytes
!
! Last configuration change at 21:49:31 UTC Tue Dec 16 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname hrc_r01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.7.1 10.10.7.10
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool VLAN7
 network 10.10.7.0 255.255.255.0
 default-router 10.10.7.1
 dns-server 10.10.7.1
!
ip dhcp pool VLAN3
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 192.168.2.1
!
!
!
ip domain name hrc.com.py
ip name-server 190.104.163.57
ip name-server 200.3.250.1
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FGL1834240J
!
!
username xxxxxxxx privilege 15 password 0 xxxxxxxx
!
redundancy
!
!
!
!
!
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description LAN
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.3
 encapsulation dot1Q 3
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0.7
 encapsulation dot1Q 7
 ip address 10.10.7.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0.8
 encapsulation dot1Q 8
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0.9
 encapsulation dot1Q 9
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1
 description WAN
 ip address xxx.xxx.xxx.166 255.255.255.252
 ip nat outside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/0/1
 no ip address
!
interface GigabitEthernet0/0/2
 no ip address
!
interface GigabitEthernet0/0/3
 no ip address
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.3.150 8181 interface GigabitEthernet0/1 8181
ip nat inside source static tcp 192.168.3.151 8282 interface GigabitEthernet0/1 8282
ip nat inside source static tcp 192.168.3.152 8383 interface GigabitEthernet0/1 8383
ip nat inside source static tcp 192.168.3.150 9000 interface GigabitEthernet0/1 9000
ip nat inside source static tcp 192.168.3.151 10000 interface GigabitEthernet0/1 10000
ip nat inside source static tcp 192.168.3.152 11000 interface GigabitEthernet0/1 11000
ip nat inside source static tcp 192.168.3.150 18004 interface GigabitEthernet0/1 18004
ip nat inside source static tcp 192.168.3.151 19004 interface GigabitEthernet0/1 19004
ip nat inside source static tcp 192.168.3.152 20004 interface GigabitEthernet0/1 20004
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.165
!
access-list 1 permit 10.10.7.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login local
 transport input all
line vty 5 15
 login local
 transport input all
!
scheduler allocate 20000 1000
!
end

 

2 Replies 2

zulqurnain
Level 3

Where do you want to insert the ASA? My guess is in front of the router!

Which VLAN or subnet do your internal switches sit in?

 

 

 

Where to insert the ASA depends on which option is easier. Either before or after the router.

I have 3 switches. The LAN interface of the router goes to Gi0/1 of my first switch with a trunk interface type. The Gi0/48 interface goes to Gi0/1 of switch two, also with trunk interfaces. The same goes for switch 3.
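
Whichever side of the router the ASA ends up on, the inbound port forwards and NAT'd subnets in the posted configuration are what the firewall policy has to account for. The following is an added example, not part of the original thread: it inventories them from an IOS configuration and ties each forwarded host to its VLAN. The function names are hypothetical and the sample is a constructed excerpt of the configuration posted above.

```python
import ipaddress
import re

# Constructed sample: an excerpt of the configuration posted in this thread
# (WAN addressing omitted).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0.3
 encapsulation dot1Q 3
 ip address 192.168.2.1 255.255.255.0
interface GigabitEthernet0/0.8
 encapsulation dot1Q 8
 ip address 192.168.3.1 255.255.255.0
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.3.150 8181 interface GigabitEthernet0/1 8181
ip nat inside source static tcp 192.168.3.151 10000 interface GigabitEthernet0/1 10000
access-list 1 permit 10.10.7.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
"""

def parse_vlans(config):
    """Map each dot1Q subinterface's VLAN ID to its connected network."""
    vlans, vlan = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            vlan = None  # new interface block: forget the previous VLAN
        elif m := re.match(r"encapsulation dot1Q (\d+)", line):
            vlan = int(m.group(1))
        elif vlan is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            vlans[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return vlans

def inbound_forwards(config):
    """List static PAT entries as (proto, inside_ip, inside_port, outside_port, vlan)."""
    vlans = parse_vlans(config)
    pat = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)", re.M)
    rows = []
    for proto, host, in_port, out_port in pat.findall(config):
        ip = ipaddress.ip_address(host)
        vlan = next((v for v, net in vlans.items() if ip in net), None)
        rows.append((proto, host, int(in_port), int(out_port), vlan))
    return rows

def overload_sources(config, acl="1"):
    """Convert the standard ACL used for NAT overload from wildcard masks to CIDR."""
    pat = re.compile(rf"^access-list {acl} permit (\S+) (\S+)$", re.M)
    # ipaddress accepts a wildcard (host) mask as well as a netmask
    return [ipaddress.ip_network(f"{n}/{w}") for n, w in pat.findall(config)]
```

Run against the full configuration, `inbound_forwards` yields the list of services reachable from the WAN, each of which needs a matching permit on the ASA if the firewall sits between the internet and those hosts.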

 
