Cisco Support Community
Community Member

Newbie: Basic setup/configuration help with ASA5510 (1 Data, 1 VOIP Subnet)

Hello all,

WARNING: I'm a newbie, first exposure to Cisco 3524 POE switches 1 month ago. Got an ASA5510 w/spyware last week and I'm clueless about configuration.

view my topology at:

data machines on network

VOIP phones on network

First of all, I need help creating an efficient network topology, then secondly, I need help configuring the ASA for:

1) PAT using one external IP. I need certain devices such as SMTP/Asterisk/Accounting Servers accessible from the outside. Do I use one port as my external interface and only 1 port for my private network, or is it better to define three private ports (one for each switch)?

2) QOS - traffic is *almost* completely segmented, w/ the exception of data and voice through the Cisco switch. I guess through the Cisco switches I can prioritize the VoIP traffic with tags, but what is the role of the ASA, or the proper way to do it (remember I know very little about all this)? I have Cisco 7460 phones powered by the PoE Cisco 3524 switches, and every computer/phone has its own Cat5e running to the switches.

3) Network topology suggestion and general ASA setup tips.

The ASA5510 is my only security appliance and it's going to be my firewall (including URL filtering and spyware protection), router, and workstation DHCP server.

Networking is not my forte, and I am happy to pay someone to configure my network. It's very difficult finding qualified personnel locally.

Community Member

Re: Newbie: Basic setup/configuration help with ASA5510 (1 Data,

1. Static NAT works for various tcp ports. This is the one for your mail server:

access-list 101 permit tcp any host eq smtp

static (inside,outside) tcp smtp smtp netmask 0 0

static (inside,outside) tcp smtp pop3 netmask 0 0

static (inside,outside) tcp smtp http netmask 0 0

access-group 101 in interface outside

Use the access-list to restrict traffic to a particular server [TCP/UDP/ICMP/etc]. If you need direct access to the server from outside, substitute "3389" for Remote Desktop Connection. Just remember to enable RDC on the server and permit the particular user to use RDC.

With what I have provided above, you should be able to set up the ASA5510 to permit access to all of your servers.
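
An added example, not part of the original posts: the single-address PAT layout the question asks about, written in the pre-8.3 `static` syntax the reply uses. All addresses are constructed (documentation ranges on the outside, 192.168.1.0/24 inside, mail server at 192.168.1.10), and the Remote Desktop entry is limited to one constructed admin source address instead of `any`.

```cisco
! Constructed addressing: outside 192.0.2.2/24, inside 192.168.1.1/24,
! mail server 192.168.1.10, remote admin source 198.51.100.25.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Outbound: all inside hosts share the outside interface address (dynamic PAT).
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
!
! Inbound: one static PAT entry per published port on the same outside address.
static (inside,outside) tcp interface smtp 192.168.1.10 smtp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.1.10 3389 netmask 255.255.255.255
!
! Outside ACL: permit only the published ports. SMTP is open to any source,
! Remote Desktop only to the admin address. Everything else hits the
! implicit deny at the end of the list.
access-list 101 extended permit tcp any interface outside eq smtp
access-list 101 extended permit tcp host 198.51.100.25 interface outside eq 3389
access-group 101 in interface outside
```

A `static` entry without a matching permit in access-list 101 stays unreachable from the outside, so the ACL is the place to review what is actually exposed.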

Community Member

Re: Newbie: Basic setup/configuration help with ASA5510 (1 Data,

Thank you, samuellthomasjr.

The example access list is a very good start for the routing.

What do you think about the network in itself? How should the ASA5510 interfaces be configured as far as design and best practices?
