Community Member

ASA QUESTION - URGENT HELP PLEASE!!!

Hi - I am new to Cisco NetPro forum,

I have a dilemma/question relating to bridging two networks utilising an ASA 5505 device.

We are in the process of connecting two MPLS networks with a 4Mbps link, for example:

MPLS 1 Network address is 172.100.0.0/24 - there are remote branch networks that connect to this network and those remote branch networks' address ranges are: 172.100.1.0/24, 172.100.2.0/24, 172.100.3.0/24 etc.

Now, the second MPLS (MPLS 2) network address is 192.168.1.0/24 and again this network also has remote branch networks connecting to it and those networks' address ranges are: 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 etc.

We are in the middle of a company merger and are looking (in the short term) to bridge the two networks utilising a spare ASA 5505 firewall. The requirements are that all 172.100.0.0/24 devices/traffic flow can connect to resources on the 192.168.0.0/24 network and vice versa - of course we will look at controlling which resource/service the 172.100.0.0 devices can contact using access lists.

All internet access for the 172.100.0.0 network will travel via 192.168.0.0 network.

We will connect the ASA on one end of the 4Mbps link, possibly on the 192.168.0.0 side.

My question to all experts - can you please recommend the best solution (with configuration examples) for the above scenario i.e. can I use the ASA 5505 as a bridge and if yes can you please help me?

I wait for your valued response or if you need any further information.

Regards / Eric

5 REPLIES

Re: ASA QUESTION - URGENT HELP PLEASE!!!

Eric,

Firstly, the ASA cannot act as a layer 2 bridge - get that idea out of your head now.

You cannot connect an MPLS circuit directly into the ASA, you will need to convert it from MPLS to IP.

So as long as you have a converter, the ASA can be used to separate the networks and allow traffic to pass.

Config examples are @:-

https://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

A simple config would be something like:-

https://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094768.shtml

HTH>

Community Member

Re: ASA QUESTION - URGENT HELP PLEASE!!!

Hi Andrew - thank you for your valued response,

I may not have explained correctly in my post - what we are trying to achieve is to allow traffic flow between the two networks, so placing the ASA in the middle to achieve this - is this possible? If yes, can you provide examples of configurations?

We will have a 4Mbps leased line connecting from one MPLS to the other but require both networks to be separate.

Can you or someone help?

Many thanks for your valued support/answer.

Re: ASA QUESTION - URGENT HELP PLEASE!!!

Yes, this is possible - the link I posted will give the config example you need to do this, you just substitute the IP subnets on the inside and outside.

HTH>

Community Member

Re: ASA QUESTION - URGENT HELP PLEASE!!!

Hi Andrew - thank you for your response,

Slightly confused - which link? Your 2nd link is for a single internal network with internet connection??

Re: ASA QUESTION - URGENT HELP PLEASE!!!

Yes, that's correct - the second link. For example, on the inside you have 172.100.0.0/16, on the outside you have 192.168.0.0/16. You have a default route pointing to the 192.168.0.0/16 on the outside.

You then configure your rules and NAT accordingly.

HTH>
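
A routed-mode sketch of the layout described in the last reply, added here as an illustration and not taken from the thread or from the linked Cisco documents. The interface addresses, next hops, ACL names and the permitted hosts and ports are all constructed placeholders, and it assumes ASA software 8.3 or later, where traffic that matches no NAT rule is forwarded untranslated.

```cisco
! Constructed example: every address, next hop, ACL name, host and port
! below is a placeholder to be replaced with the real addressing plan.
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
interface Vlan1
 nameif inside
 security-level 100
 ! Assumed transit subnet on the 4 Mbps link toward the 172.100 side
 ip address 10.255.0.2 255.255.255.252
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.1.254 255.255.255.0
!
! 172.100.0.0/16 (head end plus branches) is reached across the link
route inside 172.100.0.0 255.255.0.0 10.255.0.1
! Everything else, including internet-bound traffic from 172.100.x.x,
! follows the default route into the 192.168 side
route outside 0.0.0.0 0.0.0.0 192.168.1.1
!
! No nat statements: addresses pass untranslated (assumes 8.3 or later)
!
! 172.100.x.x -> 192.168.x.x: named services only, then web access,
! with everything else denied and logged
access-list INSIDE_IN extended permit tcp 172.100.0.0 255.255.0.0 host 192.168.1.10 eq 443
access-list INSIDE_IN extended deny ip 172.100.0.0 255.255.0.0 192.168.0.0 255.255.0.0 log
access-list INSIDE_IN extended permit tcp 172.100.0.0 255.255.0.0 any eq 443
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
!
! 192.168.x.x -> 172.100.x.x: nothing crosses from the lower security
! level unless an entry here permits it
access-list OUTSIDE_IN extended permit tcp 192.168.0.0 255.255.0.0 host 172.100.0.20 eq 3389
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

The routers on the 192.168 side also need a route for 172.100.0.0/16 pointing at the ASA's outside address, otherwise return traffic never reaches the firewall.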
