New Member

ASA 5510 8.0.5 Routing Question

Our office has a number of remote employees that use ASA 5505 boxes to access resources and connect their IP phones to our office. These boxes all connect through a pair of redundant ASA 5510 firewalls. When we configure these 5505 boxes, we used to test them by connecting through a secondary circuit that we had set up. We have recently eliminated that circuit to help cut costs, so I am wondering if there is a way to set up one of my internal VLANs to have the correct access and route to my external gateway to allow us to test the ASA boxes. Thanks for the help.

4 REPLIES
New Member

Good Afternoon!

It is likely that your remote locations contain the same configuration. I would take a previous configuration and apply it to the ASA you are getting ready to deploy. Given that you have the correct IP address and route outside set up, you should be able to reach the device using SSH to fix anything that is not working properly.

You will need to make sure:

1. Outside interface is set up properly

2. Route outside is correct

3. SSH is open to your IP address or 0.0.0.0 will open it up to everyone

4. Remember to generate an RSA key; it is required to be able to SSH to the firewall.

Hope this helps you out!

Cheers!

Ryan
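The checklist in the reply above, turned into a check that can be run over a saved 5505 configuration before the box ships. This is an added example, not part of the thread; the sample configuration and its addresses are constructed, and a static outside address is assumed.

```python
import ipaddress

# Constructed sample: a spare 5505's outside-facing lines (documentation addresses).
SAMPLE_CONFIG = """\
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.0.2.10 255.255.255.248
!
route outside 0.0.0.0 0.0.0.0 192.0.2.9 1
ssh 0.0.0.0 0.0.0.0 outside
ssh 198.51.100.0 255.255.255.0 outside
"""

def audit(config):
    """Check items 1-3 of the checklist; return a list of findings (empty = pass)."""
    findings, nameif, outside_net, gateway, ssh_sources = [], None, None, None, []
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "interface":
            nameif = None                      # a new interface block starts
        elif w[0] == "nameif" and len(w) > 1:
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and nameif == "outside" and len(w) >= 4 and w[2][0].isdigit():
            outside_net = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:4] == ["route", "outside", "0.0.0.0", "0.0.0.0"] and len(w) >= 5:
            gateway = ipaddress.ip_address(w[4])
        elif w[0] == "ssh" and len(w) == 4 and w[3] == "outside":
            ssh_sources.append((w[1], w[2]))   # skips 'ssh timeout' / 'ssh version'
    if outside_net is None:
        findings.append("item 1: outside interface has no static IP address")
    if gateway is None:
        findings.append("item 2: no default route on outside")
    elif outside_net is not None and gateway not in outside_net:
        findings.append("item 2: default gateway is not on the outside subnet")
    if not ssh_sources:
        findings.append("item 3: no SSH source permitted on outside")
    if ("0.0.0.0", "0.0.0.0") in ssh_sources:
        findings.append("item 3: SSH on outside is open to every address")
    # Item 4 (RSA key pair) is not part of the running configuration,
    # so it has to be confirmed on the device itself.
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample, the only finding is the `ssh 0.0.0.0 0.0.0.0 outside` line; removing it leaves SSH limited to the one management subnet.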

New Member

Perhaps I didn't explain my problem very well.  All of our remote ASAs are working fine.  The issue I have is I need to be able to test new ASA boxes before I send them out.  The only network I have available in our office now is the inside side of our ASA 5510, so I need to configure some kind of loopback so a 5505 connected from the inside will be able to reach the outside IP of the 5510.  I can obviously take them offsite to test, but that's a lot less convenient.  Thanks for the help.  

VIP Green

The ability to do this will depend on a few things:

1. Do you have available addresses that are on the same subnet as the outside interface? If you are only allocated 1 IP (your subnet mask is /30) then what I am suggesting is not possible.

2. You have 3 available ports on your switch, or are able to place a switch between the ASA and the ISP default gateway.

If you have this, then you could configure a new VLAN on the switch, place 3 ports in that new VLAN and then connect the ASA outside interface to one port and the ISP connection to the other port.  The 3rd port will be used for the ASA5505 test.

If you are not able to set it up this way, then there is no way of testing this from the office.  An option would be to take the ASA5505 home and test from there. Not the best option but doable.

--

Please remember to rate and select a correct answer

VIP Green

I am assuming that you are setting this up to test site2site VPN setups? Just for more info, the ASA is designed to not allow any connection across the ASA to another interface. You will only be able to create a connection to the ingress interface. You will not even be allowed to ping an interface that is not the ingress interface.

--

Please remember to rate and select a correct answer
