
Have an ASA5505, not sure if it's the right product.

mikeschietinger
Level 1

Greetings,

I have an ASA5505 (base model) that my sales rep said would do what I need, but after trying to set it up I think I either need upgrades or a different product.

Allow me to explain what I'm trying to do and then hopefully someone will be able to advise. (Note: I'm not super experienced with Cisco gear, and will most likely be using the config GUI software to set up and manage the device unless forced to use the shell.)

I have a /28 IP range from my ISP, of which I'm trying to use 7 IPs; we'll say xxx.xxx.xxx.xx1 - .xx7

Behind the firewall is a Hyper-V server with multiple customer VMs on it. Each customer has a private NIC and a distinct subnet 192.168.1.x - 192.168.7.x

Each IP is connected to a different internal network and needs to provide its own port forwarding rules as well as site-to-site VPN to that internal network. There will generally only be 1-2 devices on each internal network, but they need to be segregated as they belong to different customers.

xxx.xxx.xxx.xx1  -->nat to --> 192.168.1.x with port forwarding and s2s vpn

xxx.xxx.xxx.xx2 -->nat to --> 192.168.2.x with port forwarding and s2s vpn

etc

The server is in the same rack as the firewall and is directly patched, so there is no trunking or switching concerns.

I get the feeling I'm either reinventing the wheel here or missing an obvious solution, but what I was trying to do was make 7 internal interfaces (1 per switch port) and assign each to be the gateway for its subnet. This looked great until I ran into a licence restriction, so here I am.

The above is my ideal situation, as each customer needs site-to-site VPN and privacy. The cost is a factor, so I'm OK with paying for additional options on this unit, or buying another small product, but I'm not interested in spending 10k+ on some massive enterprise unit just to get 7 customers on 1 box.

Thank you for your time


Marvin Rhoads
Hall of Fame

The 5505 is limited to 3 VLANs if you are assigning VLANs per physical interface (data sheet specification).

If you use a trunk, you can configure up to 20 VLANs. The Security Plus license (ASA5505-SEC-PL=) is necessary. "show version" will tell you whether you have the Base or Security Plus license.

Here are the instructions for setting up a trunk with the GUI.

Fantastic news, just one follow-up question. I would set up a trunk to pipe 13 VLANs on 1 port to a managed switch that all my NICs would connect to. Will a Layer 2 managed switch work for this, or do I need a Layer 3 switch?

I have 1 of these kicking around and I'm hoping it'll work for at least the test lab.

http://www.cdw.com/shop/products/NETGEAR-ProSafe-GS716Tv2-switch-16-ports-managed-desktop/1993632.aspx

Thanks again for all your help.

You're welcome.

As long as it supports 802.1q trunking (the Netgear specs say it does), you should be fine. The switch is strictly acting as a Layer 2 device in the context of this discussion.

Let us know how it turns out and rate the discussion / mark the question as answered if it helps.
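
The trunk layout discussed in this thread, written as ASA 5505 CLI for the first three customer networks (an added example, not from the original posts or from Cisco's instructions). VLAN IDs 101-103, the `nameif` names, the port assignments, the .1 gateway addresses and the 203.0.113.1 outside address are assumptions; it requires the Security Plus license mentioned above. Customer separation relies on all customer VLANs sharing one security level, because the ASA does not pass traffic between equal-level interfaces unless `same-security-traffic permit inter-interface` is configured.

```cisco
! Added example: ASA 5505 with Security Plus, one 802.1Q trunk to a Layer 2 switch.
! VLAN IDs, names, ports and addresses below are assumptions, not from the thread.
!
! Outside: access port in VLAN 2 toward the ISP (constructed documentation address)
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.240
!
! Inside: a single trunk port carrying one VLAN per customer
interface Ethernet0/1
 switchport trunk allowed vlan 101-103
 switchport mode trunk
 no shutdown
!
! One routed VLAN interface per customer, each the gateway for its own subnet.
! Further customers repeat the pattern (extend the allowed VLAN list to match).
interface Vlan101
 nameif cust1
 security-level 50
 ip address 192.168.1.1 255.255.255.0
interface Vlan102
 nameif cust2
 security-level 50
 ip address 192.168.2.1 255.255.255.0
interface Vlan103
 nameif cust3
 security-level 50
 ip address 192.168.3.1 255.255.255.0
!
! Customer isolation: interfaces at the same security level cannot reach each
! other by default. Make sure that default has not been overridden:
no same-security-traffic permit inter-interface
!
! Checks after applying:
!   show version       (confirms Base vs. Security Plus license)
!   show switch vlan   (VLAN-to-port mapping, trunk membership)
```

On the switch side, the port facing Ethernet0/1 must tag the same VLAN IDs, and each server NIC port should be an untagged member of exactly one customer VLAN.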
