Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
665
Views
4
Helpful
3
Replies

Routing to separate LAN (With twist, I think)

mwhalen
Level 1
Level 1

‎04-09-2013 08:51 AM - edited ‎03-07-2019 12:43 PM

Hi,

I'll try to explain. I admit my Google FU is coming up with similar examples, but nothing quite the same.

Here's my layout:

(WAN) ---> Managed Dell 2808 Switch (L2) ---> (ASA 5505 outside interface (0/0) /// internal is defined on 0/1-0/5 (192.168.1.0/24)) --> Two Additonal switches for all computers and devices within 192.168.1.0/24

As it exists right now, I cannot manage the Dell switch from within the 192.168.1.0/24 subnet. I'd like to be able to. The switch is configured with the IP address of 192.168.200.250. (That is changeable.)

Initially, I thought I could plug in a second IP on the outside interface. Of course, that didn't work.

Then I thought that maybe I needed to create a static route to put packets destined for 192.168.200.0/24 onto the outside interface, but that didn't work. (Perhaps I need to define a firewall rule?)

What will work is applying a second IP on my server's NIC... say 192.168.200.201 and then plugging the 2808 into one of the switches post-ASA. But will this break anything?

I'd like to figure out how to do it all in the ASA, if possible.

Cheers,

m

Labels:
0 Helpful
3 Replies 3

cadet alain
VIP Alumni
VIP Alumni

‎04-09-2013 01:04 PM

Hi,

if you set the default-gateway on the switch as the ASA outside interface then you should be able to communicate with the switch from inside as udp and tcp traffic is inspected when going from a higher security level to a lower security level and the return traffic is permitted( only icmp is not inspected by default).

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

mwhalen
Level 1
Level 1
In response to cadet alain

‎04-09-2013 01:37 PM

I am still learning about networking, so...

So, the IP address of the switch would be:

192.168.200.250

With a gateway of ... the public IP assigned to the outside interface on the ASA?

Or do you mean the gateway as seen from the internal lan: 192.168.1.254.

I'm having trouble understanding how the switch could even deal with the gateway that's not a part of the same subnet it's been put in...

Thank you!

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to mwhalen

‎04-09-2013 01:43 PM

£Hi,

the default gateway must be on the same subnet as the switch IP so as the switch is connected to outside of ASA then it should be outside IP of ASA.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents