Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1752
Views
0
Helpful
3
Replies

How to config the ASA 5505 based on this topology?

Go to solution
Sil3ncer1986
Level 1
Level 1

‎11-13-2010 07:03 AM - edited ‎03-11-2019 12:09 PM

Hey, all. So, I have this topology where I have 2 servers config with static IP, a router, a switch config with VLANs 2 and 3 and several PC and laptop. Currently PCs on VLAN 2 will get their IP from server A which is also on VLAN 2. PCs on VLAN 3 will get their IP from server B which is also on VLAN 3. The router is configured with 2 subinterfaces and these subinterfaces act as the gateway for the PCs on different VLANs. I've tested this on Packet Tracer and it works.

So my question is this, based on the topology I've attached, how would I config the ASA 5505 when it is implemented in between the router and the switch? Keep in mind that the switch is configured with VLANs. I've also attached a copy of my PKT file so that you may see my config for the switches, router and end devices.

Labels:
75195-delta_electronics.pkt.zip
48 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
praprama
Cisco Employee
Cisco Employee
In response to Sil3ncer1986

‎11-14-2010 05:48 PM

Hi Hilmy,

Based on your original description, I see 2 ways of configuring the ASA:

1) Place ASA in transparent mode.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/fwmode.html#wp1201980

2) Configure your ASA using sub-interfaces (basically replacing your router) and then configure your router as the upstream device on the ASA.

It depends on whoch is most suitable for you.

Thanks and Regards,

Prapanch

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎11-13-2010 07:41 AM

Hilmy,

I am unable to open the .pkt.zip file.

The topo will look like this:

                                    Internet

                                         |

                                    ISP-router

                                         |

                                      vlan4

                                         |

Hosts-----R1--VLAN2---ASA---VLAN3--R1---Hosts

ASA will have legs on both VLAN2 and VLAN3.

On the router you would have to configure some route maps and say if the source ip comes from VLAN2 then set the next hop to the IP address configured on the ASA's vlan2 interface IP.

If the source traffic comes from VLAN3 subnet then set the next hop as ASA's VLAN3 IP address.

ASA's default route will point to ISP router.

-KS

0 Helpful

Go to solution
Sil3ncer1986
Level 1
Level 1
In response to Kureli Sankar

‎11-14-2010 01:55 AM

Hi Poonghuzali, I think you forgot that I have a switch in place which already has VLANs 2 and 3 configured. Oh, I also don't quite understand the following "

ASA will have legs on both VLAN2 and VLAN3.

On the router you would have to configure some route maps and say if the source ip comes from VLAN2 then set the next hop to the IP address configured on the ASA's vlan2 interface IP.

If the source traffic comes from VLAN3 subnet then set the next hop as ASA's VLAN3 IP address."

Configure route maps to examine source IP and then point the incoming traffic to the next hop? That sounds like access list. Am I wrong? I've re-attached the packet tracer file so you may see it.

75213-delta_electronics.zip
0 Helpful

Go to solution
praprama
Cisco Employee
Cisco Employee
In response to Sil3ncer1986

‎11-14-2010 05:48 PM

Hi Hilmy,

Based on your original description, I see 2 ways of configuring the ASA:

1) Place ASA in transparent mode.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/fwmode.html#wp1201980

2) Configure your ASA using sub-interfaces (basically replacing your router) and then configure your router as the upstream device on the ASA.

It depends on whoch is most suitable for you.

Thanks and Regards,

Prapanch

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card