Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1276
Views
0
Helpful
5
Replies

ASA 5505 help

konstaninosoregano
Level 1
Level 1

‎10-23-2007 07:29 AM - edited ‎03-11-2019 04:29 AM

hi guys.

i would like to know how to provide access from all my vlans that reside on my asa 5505 to certain network resources, such as mail server,file srv, network printers....

my network layout is as follows:

2811=>ASA5505=>CATALYST Express 500

the 2811 only connects to the internet, and with static nat, gives everything that comes to my public ip to its inside fa0/0. the asa then does everything else. all the vlans reside on the asa5505, and all the routing and natting happens on the asa5505.

I have enabled the inter and intra-vlan routing, but no success.

example:

i want a client that reside on vlan2 with an ip of 192.168.2.5 and default gateway 192.168.2.1 (asa5505) to be able to access a printer on 192.168.3.11(vlan3) and a client on 192.168.3.23(vlan3) to be able to access the mail server on 192.168.2.2(vlan2)

Please Help?!?!?!

Labels:
0 Helpful
5 Replies 5

Collin Clark
VIP Alumni
VIP Alumni

‎10-23-2007 08:19 AM

How many VLANs do you have? Do you want everything to communicate between the VLANs or just somethings like printing?

0 Helpful

konstaninosoregano
Level 1
Level 1
In response to Collin Clark

‎10-23-2007 08:22 AM

i have 3 vlans.

i dont want everything to communicate amongst eachother in the vlans.

i want all users from all vlans to be able to have access to my mailserver,to network printers, and a network storage.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to konstaninosoregano

‎10-23-2007 08:36 AM

You'll need to look at doing same security interfaces or NAT, along with ACLs. You need to document IPs, ports, and protocols for communications between systems. Once that is done you can start to make configuration changes.

0 Helpful

konstaninosoregano
Level 1
Level 1
In response to Collin Clark

‎10-23-2007 08:48 AM

i already have all of this documented.

what type of config changes do i need to make?

when you say protocols, you mean smtp,http etc,dns etc??

my server resides at 192.168.2.2

my network printer is 192.168.3.11

i need users from all vlans to be able to access the above mentioned network resources.

i am posting my asa 5505 config so you can better understand, so you could perhaps help me better!thank you!!

Preview file
7 KB
0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to konstaninosoregano

‎10-24-2007 05:23 AM

Here is what I would do. I would permit same-security interface.

By default, interfaces on the same security level cannot communicate with each other. Allowing

communication between same security interfaces lets traffic flow freely between all same security

interfaces without access lists.

If you enable same security interface communication, you can still configure interfaces at different

security levels as usual.

To enable interfaces on the same security level so that they can communicate with each other, enter the

following command:

hostname(config)# same-security-traffic permit inter-interface

To disable this setting, use the no form of this command.

Then create an ACL to allow traffic from your host on one network to the printer, storage, etc on the other.

Example:

access-list extended inside1_to_inside2 permit tcp 192.168.2.0 255.255.255.0 host 192.168.3.5 eq 9100

Don't forget to apply the ACL to the interface and in the right direction.

access-group inside1_to_inside2 in interface inside1

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card