I have two class C IP blocks that terminate on my router. I have currently been using an ASA 5520 to provide DMZ VLANs from one of those IP blocks and ignoring the other one. I am migrating to a 5585 now and want to add the second IP block as a series of VLANs. The current config is:
IP addressing is as follows (not my real IPs, but representative of the actual setup):
External: 18.104.22.168/24 and 22.214.171.124/24
Router inside interface has both IP blocks set up as a primary and a secondary address on the inside interface. Inside interface is 126.96.36.199/28
Current ASA 5520 has an address in the first IP block as my outside interface on GigE0/0 188.8.131.52/28
Gig E/01 is connected to my core switch and has an IP address on the internal block 10.1.10.2 (core switch acts as a router for internal networks)
Gig E/02 has several DMZs set up in the same IP block as the outside interface of the ASA 184.108.40.206/28 and 220.127.116.11/26. These are fed into my VSphere clusters as a trunk.
I'm assuming that I can move the existing config to the 5585 (working through the issues around updating to new code) and add the second IP block to GigE0/3 and then create my VLANs/sub-interfaces on GigE0/4. Gig E/03 will be 18.104.22.168/28 (there are other devices on that IP block).
I think my two questions are: am I assuming correctly, and how do I set up a static route so that devices on GigE0/4 go out through GigE0/3 as their gateway, because I want my corporate traffic to go through Gig E0/0 and my DMZ traffic, which is mostly dev stuff, to go through Gig E/03?
I'm sorry if I sound like an idiot. I've done all the LAN work and have no problem with VLANs or getting things/keeping things running, but this one I figured I'd get some advice on.
Turns out that I cannot do this. I have to provide VPN via IPsec and AnyConnect on one of the interfaces on the production side. I have 18 VLANs on the second class C and I can ping my interfaces, but once there they don't know where to go. Obviously a routing issue. I have network identities for each network and device and have set up my NAT rules in a manner which I think is right.
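As an added example (not from the original post or its replies), here is an ASA configuration sketch for the egress split the question asks about: a plain static route cannot choose a gateway by source interface, so the dev DMZ sub-interfaces on GigE0/4 use policy-based routing to send their Internet-bound traffic out GigE0/3 while the default route on GigE0/0 keeps serving corporate traffic. It assumes ASA 9.4(1) or later (where PBR was introduced), and the interface names, VLAN ID, the 192.0.2.0/28 dev subnet, the 10.0.0.0/8 internal summary and the `ROUTER_..._GW` next-hops are placeholders, not values from the post.

```cisco
! Added example, not the poster's config. Assumes ASA 9.4(1)+ for policy-route.
! 18.104.22.168 is taken from the post; every other address is a placeholder.
!
! Second external block lands on GigE0/3
interface GigabitEthernet0/3
 nameif outside-dev
 security-level 0
 ip address 18.104.22.168 255.255.255.240
!
! One sub-interface per DMZ VLAN on GigE0/4 (VLAN 101 shown; repeat per VLAN)
interface GigabitEthernet0/4
 no shutdown
!
interface GigabitEthernet0/4.101
 vlan 101
 nameif dmz-dev101
 security-level 50
 ip address 192.0.2.1 255.255.255.240
 policy-route route-map DEV-DMZ-EGRESS
!
object-group network DEV-DMZ-NETS
 network-object 192.0.2.0 255.255.255.240
!
! Deny entries fall through to the normal routing table, so traffic from the
! dev DMZ to internal networks (assumed 10.0.0.0/8) is not forced out to the router.
access-list DEV-DMZ-PBR extended deny ip object-group DEV-DMZ-NETS 10.0.0.0 255.0.0.0
access-list DEV-DMZ-PBR extended permit ip object-group DEV-DMZ-NETS any
!
! Everything that matches the permit line is steered to the router's address
! in the second block (placeholder) instead of the GigE0/0 default route.
route-map DEV-DMZ-EGRESS permit 10
 match ip address DEV-DMZ-PBR
 set ip next-hop ROUTER_SECOND_BLOCK_GW
!
! Hosts in the dev VLAN leave via outside-dev, so their NAT must reference that
! interface, not the production outside interface (8.3+ object NAT syntax).
object network DMZ-DEV101-NET
 subnet 192.0.2.0 255.255.255.240
 nat (dmz-dev101,outside-dev) dynamic interface
!
! Existing default route for corporate traffic on GigE0/0 (assumed name "outside")
route outside 0.0.0.0 0.0.0.0 ROUTER_FIRST_BLOCK_GW 1
```

Check the result with `show route` and `packet-tracer input dmz-dev101 tcp 192.0.2.5 1025 <external host> 80` to confirm the egress interface and NAT chosen for a dev-DMZ source; `show asp table classify domain pbr` lists the PBR classification rules that are active.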