04-23-2012 05:39 AM - edited 03-11-2019 03:57 PM
Greetings,
I have an ASA5505 (base model) that my sales rep said would do what I need, but after trying to set it up I think I either need upgrades or a different product.
Allow me to explain what I'm trying to do and then hopefully someone will be able to advise. (Note: I'm not super experienced with Cisco gear, and will most likely be using the config GUI software to set up and manage the device unless forced to use the shell.)
I have a /28 IP range from my ISP, of which I'm trying to use 7 IPs, we'll say xxx.xxx.xxx.xx1 - .xx7
Behind the firewall is a Hyper-V server with multiple customer VMs on it. Each customer has a private NIC and a distinct subnet 192.168.1.x - 192.168.7.x
Each IP is connected to a different internal network and needs to provide its own port forwarding rules as well as site-to-site VPN to that internal network. There will generally only be 1-2 devices on each internal network but they need to be segregated as they belong to different customers.
xxx.xxx.xxx.xx1 -->nat to --> 192.168.1.x with port forwarding and s2s vpn
xxx.xxx.xxx.xx2 -->nat to --> 192.168.2.x with port forwarding and s2s vpn
etc
The server is in the same rack as the firewall and is directly patched, so there is no trunking or switching concerns.
I get the feeling I'm either reinventing the wheel here or missing an obvious solution, but what I was trying to do was make 7 internal interfaces (1 per switch port) and assign each to be the gateway for its subnet. This looked great until I ran into a licence restriction, so here I am.
The above is my ideal situation, as each customer needs site to site vpn, and privacy. The cost is a factor, so I'm ok with paying for additional options on this unit, or buying another small product, but I'm not interested in spending 10k+ on some massive enterprise unit just to get 7 customers on 1 box.
Thank you for your time
04-23-2012 07:46 AM
The 5505 is limited to 3 VLANs if you are assigning VLANs per physical interface (data sheet specification).
If you use a trunk, you can configure up to 20 VLANs. The Security Plus license (ASA5505-SEC-PL=) is necessary. "show version" will tell you whether you have the Base or Security Plus license.
Here are the instructions for setting up a trunk with the GUI.
04-23-2012 01:18 PM
Fantastic news, just one follow-up question. I would set up a trunk to pipe 13 VLANs on 1 port to a managed switch that all my NICs would connect to. Will a Layer 2 managed switch work for this, or do I need a Layer 3 switch?
I have 1 of these kicking around and I'm hoping it'll work for at least the test lab.
Thanks again for all your help.
04-23-2012 05:48 PM
You're welcome.
As long as it supports 802.1q trunking (the Netgear specs say it does), you should be fine. The switch is strictly acting as a Layer 2 device in the context of this discussion.
Let us know how it turns out and rate the discussion / mark the question as answered if it helps.
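
An ASA 5505 CLI example of the trunk layout discussed in this thread, added here as an illustration and not taken from any poster's configuration. The port Ethernet0/1, VLAN IDs 101-102, interface names cust1/cust2 and the .1 gateway addresses are assumptions, and trunking requires the Security Plus license mentioned above; the remaining customers follow the same pattern.

```cisco
! Added example. Assumed values: port Ethernet0/1, VLAN IDs 101-102,
! interface names cust1/cust2, gateway addresses ending in .1.
! One 802.1Q trunk port carries every customer VLAN to the managed switch.
interface Ethernet0/1
 switchport trunk allowed vlan 101-102
 switchport mode trunk
 no shutdown
!
! One routed VLAN interface per customer; it is that subnet's gateway.
interface Vlan101
 nameif cust1
 security-level 50
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface Vlan102
 nameif cust2
 security-level 50
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
! Interfaces with equal security levels cannot pass traffic to each other
! while this stays disabled (the default), which keeps customers separated.
no same-security-traffic permit inter-interface
```

`show switch vlan` on the 5505 lists which VLANs are bound to which switch ports, which is a quick way to confirm the trunk carries only the intended customer VLANs.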