First of all, I need help creating an efficient network topology, then secondly,
I need help configuring the ASA for:
1) PAT using one external IP. I need certain devices such as SMTP/Asterisk/Accounting Servers accessible from the outside. Do I use one port as my external interface and only 1 port for my private network, or is it better to define three private ports (one for each switch)?
2) QoS - traffic is *almost* completely segmented w/ exception of data and voice through Cisco switch 192.168.0.87. I guess through the Cisco switches I can prioritize the VoIP traffic with tags, but what is the role of the ASA or the proper way to do it (remember I know very little about all this). I have Cisco 7460 phones powered by the PoE Cisco 3524 switches and every computer/phone has its own cat5e running to the switches.
3) Network topology suggestion and general ASA setup tips.
The ASA5510 is my only security appliance and it's going to be my firewall (including URL filtering and spyware protection), router, workstation DHCP server.
Networking is not my forte, and I am happy to pay someone to configure my network. It's very difficult finding qualified personnel locally.
Use the access-list to restrict traffic to a particular server [TCP/UDP/ICMP/etc]. If you need direct access to the server from outside, substitute "3389" for Remote Desktop Connection. Just remember to enable RDC on the server and permit the particular user to use RDC.
With what I have provided above, you should be able to set up the ASA5510 to permit access to all of your servers.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/ and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...