Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
5
Replies

ASA QUESTION - URGENT HELP PLEASE!!!

ababab2222
Level 1
Level 1

‎10-14-2008 12:27 AM - edited ‎03-11-2019 06:57 AM

Hi - I am new to Cisco NetPro forum,

I have a dilemma/question relating to bridging two networks utilising an ASA 5505 device.

We are in the process of connecting two MPLS networks with a 4Mbps link, for example:

MPLS 1 Network address is 172.100.0.0/24 - there are remote branch networks that connect to this network and those remote branch networks address range are: 172.100.1.0/24, 172.100.2.0/24, 172.100.3.0/24 etc.

Now, the second MPLS (MPLS 2) network address is 192.168.1.0/24 and again this network also has remote branch networks connecting to it and those network address range are: 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 etc.

We are in the middle of a company merger and are looking (in the short term) to bridge the two network utilising a spare ASA 5505 firewall, the requirements are that all 172.100.0.0/24 devices/traffic flow can connect to resources on the 192.168.0.0/24 network and vice versa - of course we will look at controlling which resource/service the 172.100.0.0 devices can contact using access lists.

All internet access for the 172.100.0.0 network will travel via 192.168.0.0 network.

We will connect the ASA on one end of the 4Mbps link, possibly on the 192.168.0.0 side.

My question to all experts - can you please recommend the best solution (with configuration examples) for the above scenario i.e. can I use the ASA 5505 as a bridge and if yes can you please help me?

I wait for your valued response or if you need any further information.

Regards / Eric

Labels:
0 Helpful
5 Replies 5

andrew.prince
Level 10
Level 10

‎10-14-2008 12:49 AM

Eric,

Firstly the ASA cannot act as a lyer 2 bridge - get that idea out of your head now.

You cannot connect an MPLS circuit directly into the ASA, you will need to convert it from MPLS to IP.

So as long as you have a converter, the ASA can be used to sperate the networks and allow traffic to pass.

Config examples are @:-

https://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

A simple config would be something like:-

https://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094768.shtml

HTH>

0 Helpful

ababab2222
Level 1
Level 1
In response to andrew.prince

‎10-14-2008 12:58 AM

Hi Andrew - thank you for you vlaued response,

I may have not explained correctly in my post - What we are trying to achive is to allow traffic flow between the two networks so placing the ASA in the middle to achive this - is this possible? If yes, can you peovide examples of configurations?

We will have a 4Mbps lease line connecting from one MPLS to the other but require both networks to be seperate.

Can you or someone help?

Many thanks for your valued support/answer.

0 Helpful

andrew.prince
Level 10
Level 10
In response to ababab2222

‎10-14-2008 01:11 AM

Yes this is possible - the link I posted will give the config example you need to do this, you just substitue the IP subnets on the inside and outside.

HTH>

0 Helpful

ababab2222
Level 1
Level 1
In response to andrew.prince

‎10-14-2008 01:20 AM

Hi Andrew - thank you for your response,

Slightly confused - which link? your 2nd link is for a single internal network with internet connection??

0 Helpful

andrew.prince
Level 10
Level 10
In response to ababab2222

‎10-14-2008 01:27 AM

Yes that's correct - the second link. for example in the inside you have 172.100.0.0/16 on the outside you have 192.168.0.0/16. You have a default route pointing to the 192.168.0.0/16 on the outside.

You then configure your rules and NAT accordingly.

HTH>

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card