ASA installation

purpletech
Level 1

I need to install an ASA firewall between a Router and a switch. I have configured the IP address and domain name on the Firewall.

Should I configure anything on the Router or the switch?

5 Replies

purpletech
Level 1

There are 3 vlans on the Router

Here is the configuration on the Router. Currently there are 3 switches connected to the router, having 3 different networks. There are no VLANs on the switch. I need to insert the Firewall between the Router and the 3 switches.

I need help with the configuration.

interface Loopback0
 ip address 10.17.*.* 255.255.255.0
!
interface GigabitEthernet0/0
 description Client LAN
 ip address 192.168.155.1 255.255.255.0
 ip access-group cnet-in in
 no ip redirects
 no ip proxy-arp
 ip accounting output-packets
 ip nat inside
 ip inspect SDM_LOW out
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
 no mop enabled
 service-policy output manage-gnet-bandwidth-out
!
interface GigabitEthernet0/1
 description DMZ LAN
 ip address 172.16.1.1 255.255.255.0
 ip access-group dmz61in in
 no ip redirects
 no ip proxy-arp
 ip accounting output-packets
 ip nat inside
 ip inspect SDM_LOW out
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
 no mop enabled
!
interface FastEthernet0/0/0
 description Internet
 switchport access vlan 10
 no ip address
!
interface FastEthernet0/0/1
 description MPLS
 switchport access vlan 20
 no ip address
!
interface FastEthernet0/0/2
 description IT LAN
 switchport access vlan 30
 no ip address
!
interface FastEthernet0/0/3
 no ip address
 shutdown
!
interface FastEthernet0/1/0
 no ip address
 shutdown
!
interface FastEthernet0/1/1
 no ip address
 shutdown
!
interface FastEthernet0/1/2
 description Delaware Network
 switchport access vlan 50
 no ip address
!
interface FastEthernet0/1/3
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
interface Vlan10
 description Internet
 ip address 205.*.*.*.* 255.255.255.252
 ip access-group Inet-In in
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly in
 load-interval 30
 no mop enabled
 crypto map SDM_CMAP_1
!
interface Vlan20
 description MPLS
 ip address 10.100.0.7 255.255.255.252
!
interface Vlan30
 description IT LAN
 ip address 10.60.0.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan50
 description Delaware Network
 ip address 172.16.2.1 255.255.255.0
 ip access-group Del-in in
 ip access-group Del-out out
 ip nat inside
 ip inspect SDM_LOW out
 ip virtual-reassembly in
!
!

I need to configure and install an ASA 5525. I have attached the picture.

There are three networks (192.168.0.*, 176.16.1.*, 10.50.0.*) configured on the router (Router IPs are 192.168.0.1, 172.16.1.1, 10.60.0.1) and it is connected to 3 switches (IP addresses are 192.168.0.4, 172.16.1.4, 10.60.0.4).

Now I need to install a Cisco ASA 5525 Firewall between the Router and the Switches. May I know how to configure the ASA for this?

Hi Purple,

Your scenario is like this:

                                   Rtr
                                    |
                                   ASA
                                  / | \
                                S1 S2 S3

You can make your ASA the gateway instead of the router. That means all the .1 IPs are to be configured on the interfaces of the ASA.

interface GigabitEthernet0/1
 nameif inside1
 security-level 98
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif inside2
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet0/3
 nameif inside3
 security-level 99
 ip address 10.60.0.1 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address SNM
!

If you assign public IPs between your router and ASA, do apply a NAT policy. If you are doing the NAT on the router, then create the ACL rules for each inside LAN and route it with the default route on the ASA.

route outside 0.0.0.0 0.0.0.0 <router IP>

Please do rate if the given information helps.

By

Karthik

Hi Bro

I presume you have the Cisco Switch and Cisco Router working fine. All you need to do now is to insert a Cisco Firewall. Yes, this can be done simply by placing the Cisco Firewall in transparent mode. Just assign the Firewall a management IP with a similar network address to the Router and the Switch.

This case is similar to https://supportforums.cisco.com/message/3682020#3682020

P/S: If you think this comment is useful, please do rate it nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam
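
The transparent-mode placement suggested in the reply above, written out as an added example (not part of the original thread and not any poster's configuration): one bridge group per existing network, so the router keeps its .1 gateway addresses and the switches are untouched. The port assignments, interface names, the .5 management (BVI) addresses and the sample access rule are assumptions; the network addresses follow the question text and the masks follow the router configuration.

```cisco
! Added example: ASA 5525 in transparent mode, one bridge group per network.
! Assumed: port layout, nameif names, BVI .5 addresses, the sample ACL.
! Changing modes with "firewall transparent" clears the running configuration.
! Each physical interface also needs "no shutdown".
firewall transparent
!
interface GigabitEthernet0/0
 nameif client-out
 bridge-group 1
 security-level 0
!
interface GigabitEthernet0/1
 nameif client-in
 bridge-group 1
 security-level 100
!
interface BVI1
 ip address 192.168.0.5 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz-out
 bridge-group 2
 security-level 0
!
interface GigabitEthernet0/3
 nameif dmz-in
 bridge-group 2
 security-level 100
!
interface BVI2
 ip address 172.16.1.5 255.255.255.0
!
interface GigabitEthernet0/4
 nameif it-out
 bridge-group 3
 security-level 0
!
interface GigabitEthernet0/5
 nameif it-in
 bridge-group 3
 security-level 100
!
interface BVI3
 ip address 10.60.0.5 255.255.0.0
!
! Switch side (100) to router side (0) is permitted by default.
! Traffic arriving from the router side needs an explicit permit, for example:
access-list client-from-router extended permit ip 10.60.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-group client-from-router in interface client-out
```

Because the router still routes between the three networks, a flow from one LAN to another crosses the ASA twice, leaving through one bridge group and entering through another, so each router-facing interface needs its own inbound rule set for the traffic that should reach that LAN.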