ASA 5520 Configuration for Internet Access from Different VLAN
PLEASE HELP ME FOR THE CONFIGURATION....REQUIRE YOUR EXPERT HELP
I'm new to ASA configuration; please help me with my requirement for Campus LAN internet access from different VLANs (Default VLAN 1 is down on all Cisco switches for security reasons; starting from VLAN 2 and so on, there are about 40 VLANs).
I have attached my Network Arch for your ready reference. The brief scenario is as follows:-
1. In Core Switch 1 ( VTP Server ) all 40 VLANs are created, Core Switch 2 is in standby ( VTP Mode Client )
2. ASA Outside interface connected with Internet Router's Fa0/1, I don't know what IP I should give on both the Router & ASA interfaces.
3. Internet Router Fa0/0 ( 188.8.131.52/30 ) connected with ISP 3 MB Internet link, Gateway Next Hop 184.108.40.206/30
4. ISP has given me 6 more Public IPs for my Web Servers in the DMZ LAN; out of 6 I need at least 4 IPs for those servers, a maximum of 2 I can use for any other purpose, like if required on the ASA & Router interfaces or NAT pooling etc. The segment is 220.127.116.11/29
5. ISP provided me the Public DNS as 18.104.22.168 & 181
6. Core1 connected to Firewall with a /30 IP, Core switch side 22.214.171.124/30 and ASA inside interface 126.96.36.199/30
7. The DMZ switch is L2 Cisco switch 2960 with no IP address, ASA Outside interface 188.8.131.52/24
8. All the DMZ server IP in 184.108.40.206/24 segment
9. All VLANs are Routed through Inter VLAN routing in L3 Switch ( IP Routing )....no dynamic routing used.
10. The Inside ( 172.16.34.0, 172.16.100.0, 172.20.40.0 ) LAN and DMZ ( 220.127.116.11 ) are configured and working fine with required NAT, Access Rule, Routing etc....
11. The current ASA configuration is also attached for your ready ref.
12. The Core switch VLAN segments are as below:----
My Requirements:- Please help me with your kind expert advice to configure the following scenario.
1st which is required immediate....
# I need to configure my ASA, Router & L3 in such a way that Internet should be accessed from End user PC, that means from end user PC only the public DNS can be resolved without any Proxy.
2nd which is required later.....
# I will install a Proxy server and also a Local DNS within the next 30 days, so that users have to use the internet through the Proxy & URL filtering will be activated; at the same time DNS requests will come to the Local DNS and then get resolved by the Public DNS
3rd which is also required ASAP
# The DMZ servers can also reach the Internet, and users from the Internet can get into the DMZ servers.