Cisco Support Community

New Member

Have an ASA5505, not sure if it's the right product.

Greetings,

I have an ASA5505 (base model) that my sales rep said would do what I need, but after trying to set it up I think I either need upgrades or a different product.

Allow me to explain what I'm trying to do and then hopefully someone will be able to advise. (Note: I'm not super experienced with Cisco gear, and will most likely be using the config GUI software to set up and manage the device unless forced to use the shell.)

I have a /28 IP range from my ISP, of which I'm trying to use 7 IPs; we'll say xxx.xxx.xxx.xx1 - .xx7.

Behind the firewall is a Hyper-V server with multiple customer VMs on it. Each customer has a private NIC and a distinct subnet, 192.168.1.x - 192.168.7.x.

Each IP is connected to a different internal network and needs to provide its own port forwarding rules as well as site-to-site VPN to that internal network. There will generally only be 1-2 devices on each internal network, but they need to be segregated as they belong to different customers.

xxx.xxx.xxx.xx1  -->nat to --> 192.168.1.x with port forwarding and s2s vpn

xxx.xxx.xxx.xx2 -->nat to --> 192.168.2.x with port forwarding and s2s vpn

etc

The server is in the same rack as the firewall and is directly patched, so there is no trunking or switching concerns.

I get the feeling I'm either reinventing the wheel here or missing an obvious solution, but what I was trying to do was make 7 internal interfaces (1 per switch port) and assign each to be the gateway for its subnet. This looked great until I ran into a licence restriction, so here I am.

The above is my ideal situation, as each customer needs site-to-site VPN and privacy. The cost is a factor, so I'm OK with paying for additional options on this unit, or buying another small product, but I'm not interested in spending 10k+ on some massive enterprise unit just to get 7 customers on 1 box.

Thank you for your time.

3 REPLIES
Hall of Fame Super Silver

The 5505 is limited to 3 VLANs if you are assigning VLANs per physical interface (data sheet specification).

If you use a trunk, you can configure up to 20 VLANs. The Security Plus license (ASA5505-SEC-PL=) is necessary. "show version" will tell you whether you have the Base or Security Plus license.

Here are the instructions for setting up a trunk with the GUI.

New Member

Fantastic news, just one follow-up question. I would set up a trunk to pipe 13 VLANs on 1 port to a managed switch that all my NICs would connect to. Will a Layer 2 managed switch work for this? Or do I need a Layer 3 switch?

I have 1 of these kicking around and I'm hoping it'll work for at least the test lab.

http://www.cdw.com/shop/products/NETGEAR-ProSafe-GS716Tv2-switch-16-ports-managed-desktop/1993632.aspx

Thanks again for all your help.

Hall of Fame Super Silver

You're welcome.

As long as it supports 802.1q trunking (the Netgear specs say it does), you should be fine. The switch is strictly acting as a Layer 2 device in the context of this discussion.

Let us know how it turns out and rate the discussion / mark the question as answered if it helps.
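
For readers who end up in the shell rather than the GUI, here is the trunk layout discussed in this thread as an added example; it is not from any poster and not Cisco's own sample. It shows two of the customer networks, and the VLAN IDs, interface names, trunk port and .1 gateway addresses are assumptions.

```cisco
! Constructed example for an ASA 5505 with the Security Plus license.
! VLAN IDs (11, 12), names (cust1, cust2), port Ethernet0/1 and the
! .1 gateway addresses are assumptions, not values from the thread.
!
! One logical interface per customer, all at the same security level.
interface Vlan11
 nameif cust1
 security-level 50
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan12
 nameif cust2
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
! Single 802.1Q trunk to the Layer 2 switch. Only the customer VLANs
! are allowed on it; extend the list as customer VLANs are added.
interface Ethernet0/1
 switchport trunk allowed vlan 11-12
 switchport mode trunk
 no shutdown
!
! Interfaces at the same security level cannot pass traffic to each
! other unless this feature is enabled. Leaving it off keeps one
! customer's subnet from reaching another's through the firewall.
no same-security-traffic permit inter-interface
!
! Checks after applying:
!   show version       (confirms Base vs. Security Plus license)
!   show switch vlan   (confirms which VLANs sit on which ports)
```

On the switch side, each customer NIC goes on an access port in its own VLAN and only the uplink to the ASA is tagged, so the segregation holds at Layer 2 as well.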
