05-17-2008 09:35 AM - edited 03-10-2019 04:06 AM
Hello all,
WARNING: I'm a newbie, first exposure to Cisco 3524 POE switches 1 month ago. Got an ASA5510 w/spyware last week and I'm clueless about configuration.
View my topology at:
http://mitechnologiesinc.com/mit-network-diagram.pdf
data machines on 192.168.0.xxx network
VOIP phones on 192.168.1.xxx network
First of all, I need help creating an efficient network topology, then secondly,
I need help configuring the ASA for:
1) PAT using one external IP. I need certain devices such as SMTP/Asterisk/Accounting Servers accessible from the outside. Do I use one port as my external interface and only 1 port for my private network, or is it better to define three private ports (one for each switch)?
2) QOS - traffic is *almost* completely segmented w/ exception of data and voice through cisco switch 192.168.0.87. I guess through the cisco switches I can prioritize the voip traffic with tags, but what is the role of the ASA or the proper way to do it (remember I know very little about all this). I have Cisco 7460 phones powered by the POE Cisco 3524 switches and every computer/phone has its own cat5e running to the switches.
3) Network topology suggestion and general ASA setup tips.
The ASA5510 is my only security appliance and it's going to be my firewall (including URL filtering and spyware protection), router, and workstation DHCP server.
Networking is not my forte, and I am happy to pay someone to configure my network. It's very difficult finding qualified personnel locally.
05-18-2008 11:50 AM
1. Static NAT works for various tcp ports. This is the one for your mail server:
access-list 101 permit tcp any host
static (inside,outside) tcp
static (inside,outside) tcp
static (inside,outside) tcp
access-group 101 in interface outside
Use the access-list to restrict traffic to a particular server [TCP/UDP/ICMP/etc]. If you need direct access to the server from outside, substitute "3389" for Remote Desktop Connection. Just remember to enable RDC on the server and permit the particular user to use RDC.
With what I have provided above, you should be able to set up the ASA5510 to permit access to all of your servers.
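The static PAT pattern from the reply above, written out in full as an added example that is not part of the original post. It assumes pre-8.3 ASA syntax (the `static (inside,outside)` form the reply uses); the inside hosts 192.168.0.10 and 192.168.0.20 and the remote admin address 198.51.100.25 are constructed placeholders.

```cisco
! Constructed example. Assumed hosts: 192.168.0.10 = mail server,
! 192.168.0.20 = server reached by Remote Desktop, 198.51.100.25 = remote admin.

! Static PAT: forward one TCP port on the single outside address to one inside host.
static (inside,outside) tcp interface smtp 192.168.0.10 smtp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.0.20 3389 netmask 255.255.255.255

! In this syntax the outside ACL matches the translated (outside) address,
! so the destination is the outside interface, not the 192.168.0.x host.
! SMTP has to accept mail from anywhere.
access-list 101 extended permit tcp any interface outside eq smtp
! Remote Desktop is limited to one known source instead of "any".
access-list 101 extended permit tcp host 198.51.100.25 interface outside eq 3389
! Everything else inbound falls through to the implicit deny at the end of the ACL.
access-group 101 in interface outside

! Outbound PAT: inside hosts share the same single outside address.
nat (inside) 1 192.168.0.0 255.255.255.0
global (outside) 1 interface
```

After applying, `show xlate` lists the port translations and `show access-list 101` shows per-line hit counts, which confirms that only the intended ports are being matched.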
05-19-2008 07:29 AM
Thank you, samuellthomasjr.
The example accesslist is a very good start for the routing.
What do you think about the network in itself? How should the ASA5510 interfaces be configured as far as design and best practices?