06-04-2007 12:26 PM - edited 03-11-2019 03:24 AM
Hi All,
I just purchased a new ASA5510 to replace our old firewall. With help from experts in the forum, the device is configured to have inside, outside and DMZ interfaces. Now here's my question: how should/do I subnet my IP block?
My ISP has given me a block of IPs x.x.x.32/27. In my current setup the ISP gateway is x.x.x.33/27, my old firewall gateway is on x.x.x.34/27, two VPN gateways on x.x.x.37 and x.x.x.40/27. My three gateways are running parallel. I have 2 machines set up with one-to-one NAT to provide web services on x.x.x.35/27 and x.x.x.36/27. I have a DMZ set up with x.x.x.55/27 to x.x.x.62/27.
I was thinking of having the first x.x.x.32/29 block for the devices running parallel to the new firewall, the second x.x.x.40/29 block for my outside interface (and one-to-one NATs) and the last block of x.x.x.48/28 for my DMZ interface. Does this sound OK?
If I proceed with the config, what IPs would I assign to the devices running in parallel? For example, if I choose to give the x.x.x.35 IP to my VPN gateway, would I assign it x.x.x.35/27 or x.x.x.35/29 IP?
Thanks for your reply.
06-05-2007 12:07 AM
Hi
1) Your addressing scheme is fine. Bear in mind that you could just use a private IP address range for your DMZ and just set up static translations using some of your public IP addresses.
There is nothing wrong with breaking up your /27 subnet into 3 x /29, but you keep losing addresses this way as the network and broadcast addresses are not usable. But if you have enough public addresses then fine.
2) You will need to use the /29 subnet mask otherwise the route lookups could go wrong.
HTH
Jon
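A way to check the proposed split before applying it, as an added example that is not part of the original thread: it verifies that the three subnets tile the /27 without overlap, counts usable hosts per subnet, and maps each address currently in use to the subnet and mask it would need. It assumes 192.0.2.32/27 (documentation range) as a stand-in for the masked x.x.x.32/27 block; the host labels are hypothetical names for the devices listed in the question.

```python
import ipaddress

# Constructed stand-in for the masked x.x.x.32/27 block (assumption).
BLOCK = ipaddress.ip_network("192.0.2.32/27")
PLAN = {  # proposed split, as described in the question
    "parallel": ipaddress.ip_network("192.0.2.32/29"),
    "outside": ipaddress.ip_network("192.0.2.40/29"),
    "dmz": ipaddress.ip_network("192.0.2.48/28"),
}
HOSTS = {  # addresses in use today; labels are hypothetical
    "isp-gw": "192.0.2.33", "old-fw": "192.0.2.34",
    "web-1": "192.0.2.35", "web-2": "192.0.2.36",
    "vpn-1": "192.0.2.37", "vpn-2": "192.0.2.40",
    "dmz-first": "192.0.2.55", "dmz-last": "192.0.2.62",
}

def check_plan(block, plan):
    """Return (overlapping pairs, addresses left uncovered, usable hosts per subnet)."""
    nets = list(plan.values())
    if not all(n.subnet_of(block) for n in nets):
        raise ValueError("a subnet falls outside the assigned block")
    overlaps = [(a, b) for i, a in enumerate(nets)
                for b in nets[i + 1:] if a.overlaps(b)]
    uncovered = block.num_addresses - sum(n.num_addresses for n in nets)
    # Each subnet gives up its network and broadcast address.
    usable = {name: n.num_addresses - 2 for name, n in plan.items()}
    return overlaps, uncovered, usable

def place_host(addr, plan):
    """Return (subnet name, status) for one address under the plan."""
    ip = ipaddress.ip_address(addr)
    for name, net in plan.items():
        if ip in net:
            if ip == net.network_address:
                return name, "network address, unusable"
            if ip == net.broadcast_address:
                return name, "broadcast address, unusable"
            return name, f"ok, configure as {ip}/{net.prefixlen}"
    return None, "outside plan"

if __name__ == "__main__":
    overlaps, uncovered, usable = check_plan(BLOCK, PLAN)
    print("overlaps:", overlaps, "uncovered:", uncovered, "usable:", usable)
    print("usable in flat /27:", BLOCK.num_addresses - 2)
    for label, addr in HOSTS.items():
        print(f"{label:10} {addr:12} ->", *place_host(addr, PLAN))
```

With these inputs the split leaves 26 usable addresses against 30 in the flat /27, and the address ending in .40 lands on the network address of the second /29, so a device there would need renumbering.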
06-06-2007 11:29 AM
Hi Jon,
Thanks for your reply.
Does this look right? Or should I be putting the 3 perimeter devices and the machines with one to one NAT (inside, outside) on the same subnet?
EDIT: the IP for VPN-1 should be 111.111.111.35/29
06-11-2007 12:11 PM
Any suggestions for the above diagram?
Thanks for your help in advance.