Reg: ASA 5505 VLANs

Unanswered Question
Jul 30th, 2008

Dear sir,

I have a typical problem: I have two servers connected to an unmanageable switch, and that switch is connected to port eth0/0. I have taken the output from eth0/1 and connected it to my PC. I want to access my servers through the firewall.

But my doubt is that we are trying to access the servers through the intranet.

Server IP addresses: 129.9.15.4 and 129.9.15.5, gateway: 129.9.1.1

Will this setup work or not, because I am accessing the firewall from outside?

Please, any tips; I am very grateful to the Cisco forums.

regards

srini

dhanikonda Wed, 07/30/2008 - 08:04

Dear Gilbert,

I am very thankful for your reply. I want to access these servers internally through the firewall, so please kindly tell me any other config for this.

Thanks & regards

srini

ggilbert Wed, 07/30/2008 - 08:33

Srini,

So, if you want to access these servers internally through the firewall, there are two options.

Option A:

You can create three interfaces on the ASA:

Outside

Inside

& DMZ

Put the servers on the DMZ interface. So, you should have a different network on the DMZ than the inside interface.

Let's say your inside interface is 192.168.1.x; then you might want to give the DMZ interface the address 192.168.3.x, which is a different network than your inside network.

Also, when you create the interface, you might want to make the security level lower than the inside interface.

After that, you would need to create static translations. Since you will be going from the inside interface (which is a higher interface) to a DMZ interface (which is a lower interface), you would need only static translations. If the servers need to access or initiate connections to your inside network, then you need to configure an ACL to allow access from the DMZ to the inside interface.

Option B:

You can put the servers and everything on the inside interface and access them from your PC through internal IP address of the servers.

Hope this explains. Let me know if you want to follow Option A or Option B and send me the current config of the ASA.

Thanks

Gilbert
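
Option A from the reply above, sketched as an ASA 5505 configuration in pre-8.3 syntax. This is an added example, not part of the original thread; the VLAN numbers, port assignments, addresses, ACL name and the permitted port are constructed for illustration.

```cisco
! Added example (pre-8.3 ASA syntax). All values below are constructed.
! Inside: highest trust, the PC lives here.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
! DMZ: a different network from inside, with a lower security level.
! On a 5505 Base license the third VLAN is accepted only together with
! "no forward interface Vlan1", which stops the DMZ from initiating
! traffic to inside. The ACL further down assumes Security Plus.
interface Vlan3
 nameif dmz
 security-level 50
 ip address 192.168.3.1 255.255.255.0
!
! Map the physical switch ports to the three VLANs.
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
 switchport access vlan 1
interface Ethernet0/2
 switchport access vlan 3
!
! Identity static: inside hosts keep their own addresses when they
! reach the servers on the DMZ (higher to lower security level).
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
!
! Only if a server has to open connections towards inside: permit
! that single flow (hypothetical server 192.168.3.10 to inside host
! 192.168.1.20 on TCP/1433). Once an ACL is bound to the dmz
! interface, its implicit deny drops every other DMZ-initiated flow.
access-list dmz_in extended permit tcp host 192.168.3.10 host 192.168.1.20 eq 1433
access-group dmz_in in interface dmz
```

After applying, `show nameif` and `show access-list dmz_in` confirm the security levels and show hit counts on the permitted flow.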
