04-23-2012 05:39 AM - edited 03-11-2019 03:57 PM
Greetings,
I have an ASA5505 (base model) that my sales rep said would do what I need, but after trying to set it up I think I either need upgrades or a different product.
Allow me to explain what I'm trying to do and then hopefully someone will be able to advise. (Note: I'm not super experienced with Cisco gear, and will most likely be using the config GUI software to set up and manage the device unless forced to use the shell.)
I have a /28 IP range from my isp, of which I'm trying to use 7 IPs, we'll say xxx.xxx.xxx.xx1 - .xx7
Behind the firewall is a Hyper-V server with multiple customer VMs on it. Each customer has a private NIC and a distinct subnet 192.168.1.x - 192.168.7.x
Each IP is connected to a different internal network and needs to provide its own port forwarding rules as well as site-to-site VPN to that internal network. There will generally only be 1-2 devices on each internal network, but they need to be segregated as they belong to different customers.
xxx.xxx.xxx.xx1 -->nat to --> 192.168.1.x with port forwarding and s2s vpn
xxx.xxx.xxx.xx2 -->nat to --> 192.168.2.x with port forwarding and s2s vpn
etc
The server is in the same rack as the firewall and is directly patched, so there is no trunking or switching concerns.
I get the feeling I'm either reinventing the wheel here or missing an obvious solution, but what I was trying to do was make 7 internal interfaces (1 per switch port) and assign each to be the gateway for its subnet. This looked great until I ran into a licence restriction, so here I am.
The above is my ideal situation, as each customer needs site to site vpn, and privacy. The cost is a factor, so I'm ok with paying for additional options on this unit, or buying another small product, but I'm not interested in spending 10k+ on some massive enterprise unit just to get 7 customers on 1 box.
Thank you for your time
04-23-2012 07:46 AM
The 5505 is limited to 3 VLANs if you are assigning VLANs per physical interface (data sheet specification).
If you use a trunk, you can configure up to 20 VLANs. The Security Plus license (ASA5505-SEC-PL=) is necessary. "show version" will tell you whether you have the Base or Security Plus license.
Here are the instructions for setting up a trunk with the GUI.
04-23-2012 01:18 PM
Fantastic news, just one follow-up question. I would set up a trunk to pipe 13 VLANs on 1 port to a managed switch that all my NICs would connect to. Will a Layer 2 managed switch work for this, or do I need a Layer 3 switch?
I have 1 of these kicking around and I'm hoping it'll work for at least the test lab.
Thanks again for all your help.
04-23-2012 05:48 PM
You're welcome.
As long as it supports 802.1q trunking (the Netgear specs say it does), you should be fine. The switch is strictly acting as a Layer 2 device in the context of this discussion.
Let us know how it turns out and rate the discussion / mark the question as answered if it helps.
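For readers who end up in the shell, the trunk layout discussed in this thread looks roughly like the following ASA 5505 CLI sketch. It is an added example, not part of any post above; the VLAN IDs (2, 101, 102), interface names (cust1, cust2), port assignments and the .1 gateway addresses are assumptions, and NAT, port forwarding and VPN are left out.

```cisco
! Added example. Requires the Security Plus license for trunking
! (check with "show version"). VLAN IDs, names, ports and gateway
! addresses below are assumed values for illustration.

! Outside VLAN on the port patched to the ISP
interface Vlan2
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.xx1 255.255.255.240
!
interface Ethernet0/0
 switchport access vlan 2
!
! One VLAN interface per customer; each is the gateway for its subnet
interface Vlan101
 nameif cust1
 security-level 50
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan102
 nameif cust2
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
! ... repeat the pattern for the remaining customer subnets ...
!
! Single 802.1q trunk to the Layer 2 managed switch
interface Ethernet0/1
 switchport trunk allowed vlan 101-107
 switchport mode trunk
!
! Customer interfaces share one security level. Leaving this in its
! default (disabled) state blocks traffic between them, which keeps
! the customers segregated at the firewall.
no same-security-traffic permit inter-interface
!
! Verify VLAN-to-port mapping after applying
show switch vlan
```

On the switch side, the uplink port carries the same tagged VLANs and each customer-facing port is an untagged access port in exactly one of them.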