ASA 5510 setup

Darren Spooner · ‎05-16-2012

I have a client of my that contracted with some RFID company in CA to setup up the HQ ASA and 11 5505

they set up VPN to site to site on all sites back to HQ.

now that i am there the client want to add another 2 web server on the inside of the fire wall so i email the RFID company and they have been giving me carp. i have setup my firewall at the house (PIX515 with v8.04) with 5 ip address. the RFID compay said they they will have to reboot the ASA5510 and he could not put another ip on the interface. well i said ok but i just what i want to do NATing and emailed him the command that he would work but gave more crap. this time he said the VPN would break. i think the RFID company contracted a cisco person that know the ASA and they dont want to change the over all config.

so basicaly i would like to have someone help me convince the president of my client to go my way. smipley I think i would be better to use a domain name without PAT. my client has 16 IPs and the RFID dude only wants to use one.

ALIAOF_ · ‎05-18-2012

What you are being told that the ASA will need to be rebooted in order to add two web servers behind the firewall? I never heard of that, what is their logic? Will these servers be accessible from the public Internet? They don't have to add any IP's to the interface not sure what he meant by that.

All they have to do is setup a NAT for those servers from the pool of those 16 IP's and not mess with the main interface IP, that is the whole point of having those extra IP's.