04-12-2013 02:38 AM - edited 03-11-2019 06:27 PM
Hi there,
I have network 10.7.10.0/22 connected by an MPLS router and connected by a Cisco ADSL router for the internet.
IP for the MPLS router: 10.7.10.1/22
IP for the ADSL router: 10.7.10.2/22
I want to install and configure a new Cisco ASA 5510.
I cannot access these routers, so I cannot change the interface IPs or my network subnet.
When I try to configure e0/0 (outside network) with IP 10.7.10.3
and e0/1 (inside) with 10.7.10.4 in the same subnet, it is refused by the Cisco ASA.
So in this scenario, how can I configure it?
I want two routes, one for MPLS
and one for the internet.
I want the full configuration to do this and to provide good security for my network.
Kind regards
04-12-2013 01:05 PM
Hello,
There is none; that is the purpose of this configuration.
The same IP will be used on both inside and outside.
Read the documents I provided you for further explanation.
Regards
04-12-2013 01:07 PM
MPLS router------ASA------Cisco Router
All of this is on the same broadcast domain
04-12-2013 01:27 PM
Hello,
You can do it on the ASA (NAT in transparent mode is supported as long as you do not use the management IP address, which in this case is 10.7.10.4).
Example of NAT:
static (inside,outside) 10.7.10.50 x.x.x.x
(x.x.x.x is where the real IP address goes)
Regards
04-12-2013 08:20 AM
???
04-12-2013 10:37 AM
Hello Mohammed,
By default the ASA firewall is in routed mode; this will lead to using a different IP address (on different broadcast domains) on each of its interfaces.
What you are looking for is to have the ASA in transparent mode:
http://blog.ine.com/2008/09/29/transparent-mode-firewall-guidelines/
Remember to rate all of the helpful posts.
Hope this helps
Julio
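The addressing rule behind this answer, as an added example that is not part of the original posts: it models the routed-mode requirement of one subnet per interface and the transparent-mode requirement that the single management IP share a subnet with its neighbours. The function names and the 192.0.2.1 test address are constructed for illustration; the other addresses come from the thread.

```python
import ipaddress
from itertools import combinations

def subnet_of(addr):
    """Return the network an interface address belongs to, e.g. '10.7.8.0/22'."""
    return str(ipaddress.ip_interface(addr).network)

def routed_mode_conflicts(interfaces):
    """Return pairs of interface names whose subnets overlap.

    In routed mode each interface must sit in its own subnet, so any
    pair returned here is a pair the firewall would refuse.
    """
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def off_link_neighbors(mgmt_addr, neighbors):
    """Return neighbours that are NOT in the management IP's subnet.

    In transparent mode the firewall bridges one broadcast domain, so the
    routers on both sides should be on-link from the management address.
    """
    net = ipaddress.ip_interface(mgmt_addr).network
    return sorted(name for name, ip in neighbors.items()
                  if ipaddress.ip_address(ip) not in net)

if __name__ == "__main__":
    # Addresses the original poster tried in routed mode.
    attempt = {"outside": "10.7.10.3/22", "inside": "10.7.10.4/22"}
    print("subnet:", subnet_of(attempt["outside"]))
    print("routed-mode conflicts:", routed_mode_conflicts(attempt))

    # Transparent mode: one management IP, routers on either side.
    routers = {"mpls": "10.7.10.1", "adsl": "10.7.10.2",
               "adsl_alt": "10.7.8.9",      # address mentioned later in the thread
               "elsewhere": "192.0.2.1"}    # constructed off-link address
    print("off-link:", off_link_neighbors("10.7.10.4/22", routers))
```

Note that 10.7.10.0/22 is not itself a network address: the /22 containing it is 10.7.8.0/22, which is why 10.7.8.9 counts as on-link.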
04-12-2013 11:05 AM
Thanks Julio,
but will transparent mode be good for securing my network, and can I publish a web server and an Exchange server, protect my network, and access the two networks as I described in my question?
I mean, if users set the ASA IP as their gateway,
can they access the internet by the default route
and access servers in the other network connected by the MPLS router?
04-12-2013 11:09 AM
Hello Mohammed,
Well, it's going to be a bump in the wire, so it will still protect your network, but your DG should be pointing to the outside router.
The ASA will be in between the MPLS router and the outside Cisco router; all traffic will traverse the ASA and will be restricted as configured.
Remember to rate all of the helpful posts.
Regards,
Julio
04-12-2013 12:08 PM
Thanks again.
Can you please configure it as I want?
And by DG in my case, you mean I put the ADSL router IP = 10.7.8.9?
04-12-2013 12:22 PM
What do you mean by configure it?
Regards,
04-12-2013 12:44 PM
Yes,
a running config for the same case.
04-12-2013 12:47 PM
Hello Mohammed,
I have no access to a box right now,
Is there a way you could open a case with TAC so we can configure it for you from scratch?
Regards
04-12-2013 12:51 PM
No problem, and thank you very much.
I don't want it configured remotely; I just mean a running config like my scenario, only to understand the point.
04-12-2013 12:53 PM
Hello Mohammed,
What version do you have on your ASA?
04-12-2013 12:54 PM
5510 ver 8.0(2)
04-12-2013 12:58 PM
Hello Mohammed,
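Let's say you will connect the interface fas 0/0 to the Cisco router (outside), then the fas 0/1 to the inside MPLS.
conf t
! transparent mode must be enabled first; changing the mode clears the running configuration
firewall transparent
! management IP for the whole firewall (global, not per interface)
ip address 10.7.10.4 255.255.252.0
! "fas 0/0" and "fas 0/1" above; the 5510 CLI names these ports Ethernet0/0 and Ethernet0/1
interface Ethernet0/0
nameif outside
no shut
interface Ethernet0/1
nameif inside
no shut
! this route is for traffic to the ASA or from the ASA itself
route outside 0.0.0.0 0.0.0.0 10.7.10.2
In your scenario the inside users will use the MPLS router as their default gateway, but if they want to go to the internet they must go to the outside Cisco router, and for that they must go through the ASA.
Got it?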
Regards
04-12-2013 01:04 PM
nameif inside
Where is the interface IP here for inside? And this will be connected to the switch.
04-12-2013 01:05 PM
And the MPLS router will be on the same switch, connected by the LAN network.