Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

how enable the access local lan

i have configuration my network infrastructure with the asa5505 like on image. i want that my users from lan 10.13.10.0/24 can to access to my LAN 192.168.0.0/24. can i use just routing or i must to use site to site VPN. how can i do it? how configure my asa 5505.on my LAN1 there's DHCP. From LAN side of my asa5505 i must disable DHCP.In my LAN1 i have DNS,Domain Controller. The users from my LAN3 need to access to LAN1 because of authentication and access to resources and programs. i attached my picture with configuration.

Plz help me

Thnks

2 REPLIES
Purple

how enable the access local lan

Hi,

if LAN3 interface is configured with a higher security level than LAN1 then you can initiate communication from LAN3 through the ASA to LAN 1 and the return traffic will pass through without any problem with one exception which is ICMP( like ping for example).

For this ICMP return traffic you can do 2 things:

-enable ICMP inspection in global config

- configure an ACL permitting this traffic and apply it inbound on the lower security level interface

Concerning NAT, as the default is now no nat-control it is not mandatory anymore for traffic to pass through.

Regards.

Alain

Don't forget to rate helpful posts.

how enable the access local lan

If you are running Firewall image version 8.25 or lower, the below config will do, what you want to do.

---------------------------------------------------------------------------------------------------------------------

access-list acl-ALLOW-NAT extended permit ip 10.13.10.0 255.255.255.0 any

global (outside) 1 interface
nat (inside) 1 access-list acl-ALLOW-NAT

route inside 10.13.10.0 255.255.255.0 10.13.74.1

--------------------------------------------------------------------------------------------------------------------

What is your firewall image version?

Thanks

Rizwan Rafeek

195
Views
0
Helpful
2
Replies
CreatePlease to create content