Our company has finally outgrown our home user 3Com firewall unit. We have recently purchased our ASA 5510. This is my first exposure to the Cisco world, please pardon me if this question comes off as stupid.
I have a simple network of around 50 clients and a handful of servers. Does the ASA need a router between itself and the other networks that it is attached to? For instance, do I need a router between the inside network and the ASA, and then another router between the ASA and the outside network?
You don't need a router between the ASA and the inside, or the ASA and the outside. The ASA5510 has multiple interfaces. Generally, it is set up with an inside, dmz, and outside interface. The inside interface will have an inside IP address (The address is your default gateway for your internal clients). The outside interface will have a public IP address or one provided to you by your ISP. You cannot plug a T1 line into the ASA. The ASA can only handle ethernet. So, if you have a DSL line for internet, you will need to run the ethernet cable from the DSL modem out to the ASA. If you have a t1 or partial T1, Frame relay, etc. you will have to run the line into a router and then ethernet from the router to the ASA. I suspect that you will be able to just take the same cable that your 3Com had running into it, and switch that to the ASA outside interface. The ASA will handle routing packets from the inside to the outside. There are a number of example configs on Cisco's website.
Thanks for your reply. I have checked into the example configs with limited success. My goal is to have an internal (192.168.11.x) network, a DMZ (10.10.10.x) network, and the Outside (216.241.48.x) network. My webserver will be the only machine residing in the DMZ. My exchange server will reside in the Inside network. I brought the ASA up with the config that I am attaching, and turned on the logging to try and figure out why nothing was working. I got some no route errors. I dont totally understand the static route deal. Do I need a static route for all 3 of my interfaces? Thanks again for any help.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :