Newbie Request for Assistance

Hey All,

Forgive my ignorance here, I am not that well versed in networking. I have some things in place that I’ve had running (and well) for the better part of two years. I recently acquired an ASA 5505, and have been trying to get it set up. My existing network devices/configuration consists of two Cisco SG300 L3 switches (in L3 mode; these are doing inter-VLAN routing) and an SA520W. How I have things set up today is that the SA is acting as my DG for any and all devices and hosts; the segments used are 172.24.XXX.2/24, with the XXX being the VLAN’d segment; the VLANs that are set up on the SGs are represented on the SA, and static routes are in place that point to the IPs for the VLANs on the switches (I think I explained that correctly). Again, all devices and hosts point to their respective GW on the SA.

Ports 3 and 4 on the SA are configured as trunk ports, and carry all VLANs to the SGs via port 10.

What I would like to do is represent that same configuration on the 5505. That said, would some of you be so kind as to review my configuration here, and provide some guidance on what (if anything) needs to change? When attached to e0/0 (the only port I’ve tried), I can ping the 172.24.130.2 IP, but I cannot ping the IP of any of the other segments (in short, I am looking to implement inter-VLAN routing here as well). I am also hoping I can get some insight on what needs to be done to allow for access from any of these networks to the outside world. To add another layer of (what I assume to be) complexity, I would like to eventually attach the SA to a port (or several) on the 5505 (DMZ) and have one of the various wireless segments, VLAN 2005, be able to reach what it needs to on any of the VLANs in the private network, and 2105 terminate at the SA. Are these things possible? If so, can any of you assist?

Thank you

aXcelio

axc-cso-asa> en
Password:
axc-cso-asa# sh run
axc-cso-asa# sh running-config
: Saved
:
ASA Version 9.0(2)
!
hostname axc-cso-asa
domain-name root.corp
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
 switchport trunk native vlan 1
 switchport mode trunk
!
interface Ethernet0/1
 switchport access vlan 1405
 switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
 switchport trunk native vlan 1
 switchport mode trunk
!
interface Ethernet0/2
 switchport access vlan 1505
 switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
 switchport trunk native vlan 1
 switchport mode trunk
!
interface Ethernet0/3
 switchport access vlan 1605
 switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
 switchport trunk native vlan 1
 switchport mode trunk
!
interface Ethernet0/4
 switchport access vlan 1605
 switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
 switchport trunk native vlan 1
 switchport mode trunk
!
interface Ethernet0/5
 switchport access vlan 1705
 switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
 switchport trunk native vlan 1
 switchport mode trunk
!
interface Ethernet0/6
 switchport access vlan 2305
 switchport trunk allowed vlan 2005,2305
 switchport trunk native vlan 1
!
interface Ethernet0/7
 switchport access vlan 3905
!
interface Vlan1
 description aXcelio - Default Network Segment
 nameif aXce-24.130
 security-level 100
 ip address 172.24.130.2 255.255.255.0
!
interface Vlan1405
 description aXcelio - Storage Network Segment (iSCSI Management)
 nameif aXce-24.140
 security-level 100
 ip address 172.24.140.2 255.255.255.0
!
interface Vlan1505
 description aXcelio - Storage Network Segment (iSCSI)
 nameif aXce-24.150
 security-level 100
 ip address 172.24.150.2 255.255.255.0
!
interface Vlan1605
 description aXcelio - Storage Network Segment (iSCSI)
 nameif aXce-24.160
 security-level 100
 ip address 172.24.160.2 255.255.255.0
!
interface Vlan1705
 description aXcelio - vManagement Network Segment
 nameif aXce-24.170
 security-level 100
 ip address 172.24.170.2 255.255.255.0
!
interface Vlan1805
 description aXcelio - vReplication Network Segment
 nameif aXce-24.180
 security-level 100
 ip address 172.24.180.2 255.255.255.0
!
interface Vlan1905
 description aXcelio - vmSystem Network Segment
 nameif aXce-24.190
 security-level 100
 ip address 172.24.190.2 255.255.255.0
!
interface Vlan2005
 description aXcelio - Client Network Segment
 nameif aXce-24.200
 security-level 100
 ip address 172.24.200.2 255.255.255.0
!
interface Vlan2105
 description aXcelio - Client Network Segment (Wireless)
 nameif aXce-24.210
 security-level 100
 ip address 172.24.210.2 255.255.255.0
!
interface Vlan2305
 description aXcelio - Perimeter Network Segment
 nameif aXce-34.130
 security-level 50
 ip address 172.34.230.2 255.255.255.0
!
interface Vlan3905
 description aXcelio - Fios Public Facing
 nameif aXce-00.000
 security-level 0
 ip address dhcp setroute
!
ftp mode passive
dns server-group DefaultDNS
 domain-name root.corp
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
pager lines 24
logging asdm informational
mtu aXce-24.130 1500
mtu aXce-24.140 1500
mtu aXce-24.150 1500
mtu aXce-24.160 1500
mtu aXce-24.170 1500
mtu aXce-24.180 1500
mtu aXce-24.190 1500
mtu aXce-34.130 1500
mtu aXce-24.200 1500
mtu aXce-24.210 1500
mtu aXce-00.000 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 aXce-24.130
http 172.24.130.0 255.255.255.0 aXce-24.130
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface aXce-00.000
dhcpd auto_config aXce-24.150
!
dhcpd address 172.24.130.200-172.24.130.254 aXce-24.130
dhcpd enable aXce-24.130
!
dhcpd address 172.24.140.200-172.24.140.254 aXce-24.140
dhcpd enable aXce-24.140
!
dhcpd address 172.24.150.200-172.24.150.254 aXce-24.150
dhcpd enable aXce-24.150
!
dhcpd address 172.24.160.200-172.24.160.254 aXce-24.160
dhcpd enable aXce-24.160
!
dhcpd address 172.24.170.200-172.24.170.254 aXce-24.170
dhcpd enable aXce-24.170
!
dhcpd address 172.24.180.254-172.24.180.254 aXce-24.180
dhcpd enable aXce-24.180
!
dhcpd address 172.24.190.200-172.24.190.254 aXce-24.190
dhcpd enable aXce-24.190
!
dhcpd address 172.34.230.200-172.34.230.254 aXce-34.130
dhcpd enable aXce-34.130
!
dhcpd address 172.24.200.200-172.24.200.254 aXce-24.200
dhcpd enable aXce-24.200
!
dhcpd address 172.24.210.200-172.24.210.254 aXce-24.210
dhcpd enable aXce-24.210
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
 anyconnect-essentials
username NetOPS password CLjkFfuIkwPbAFok encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:0e983864974132248dfe3c2bf5a8fb99
: end
axc-cso-asa#
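An added illustration, not part of the original post or any reply, of the pieces the goals above call for on ASA 9.0 using the interface names and subnets from the posted config: outbound interface PAT so the inside segments reach the internet, ICMP inspection so ping replies from lower-security interfaces are let back in, an ingress ACL that keeps the client VLAN out of the storage and vManagement segments (every inside interface is security-level 100 with same-security traffic permitted, so nothing else enforces separation), and a DMZ ACL pattern for the security-level 50 perimeter interface. The ACL names, the test source host and the 8.8.8.8 destination are assumptions for the example.

```cisco
! Added example (not from the original post): fragments assumed to be
! applied on top of the posted running-config.

! 1. Outbound PAT. obj_any already exists in the posted config; only the
!    nat line is new. Every inside segment leaves through the outside
!    interface's DHCP-assigned address.
object network obj_any
 subnet 0.0.0.0 0.0.0.0
 nat (any,aXce-00.000) dynamic interface
!
! 2. ICMP inspection, so echo replies arriving on the outside or DMZ
!    interface are matched to the outbound request instead of dropped.
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error
!
! 3. Segmentation between inside VLANs. Without an ACL the client segment
!    can reach iSCSI and vManagement freely. Name is an assumption; the
!    ACL denies the storage/management subnets and permits the rest.
access-list aXce-24.200_in extended deny ip 172.24.200.0 255.255.255.0 172.24.140.0 255.255.255.0
access-list aXce-24.200_in extended deny ip 172.24.200.0 255.255.255.0 172.24.150.0 255.255.255.0
access-list aXce-24.200_in extended deny ip 172.24.200.0 255.255.255.0 172.24.160.0 255.255.255.0
access-list aXce-24.200_in extended deny ip 172.24.200.0 255.255.255.0 172.24.170.0 255.255.255.0
access-list aXce-24.200_in extended permit ip 172.24.200.0 255.255.255.0 any
access-group aXce-24.200_in in interface aXce-24.200
!
! 4. DMZ (security-level 50): hosts behind it may reach the internet but
!    not the 172.24.0.0/16 inside range. Put explicit permits above the
!    deny for any inside service a DMZ host legitimately needs.
access-list aXce-34.130_in extended deny ip 172.34.230.0 255.255.255.0 172.24.0.0 255.255.0.0
access-list aXce-34.130_in extended permit ip 172.34.230.0 255.255.255.0 any
access-group aXce-34.130_in in interface aXce-34.130
!
! 5. Verify without sending real traffic (source host and 8.8.8.8 are
!    assumed). Expect ALLOW with a NAT phase for the first trace and DROP
!    at the access-list phase for the second.
packet-tracer input aXce-24.200 tcp 172.24.200.50 40000 8.8.8.8 80
packet-tracer input aXce-24.200 tcp 172.24.200.50 40000 172.24.150.10 3260
```

One caveat when testing from a single host: the ASA answers ICMP directed at an interface address only on the interface the echo arrives on, so from a host on VLAN 1 a ping to 172.24.140.2 fails even when inter-VLAN routing is working (unless `management-access` is configured). Test host to host across two VLANs, or use `packet-tracer` as above, before concluding that routing is broken.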
