Link to home
Start Free TrialLog in
Avatar of fshguo
fshguo

asked on

configuring ASA 5505 4 VLANs

is there a way to configure the ASA 5505  secure plus device from scratch via ASDM over IE remotely with limit on site assist?

It composes of:
1)  business, internet, home and DMZ four VLANs;
2) one device in DMZ zone mapping to second fix public IP with  port 443 open.
3) one IP in business VLAN open port 135 for a device in home VLAN.

Any major steps to accomplish this setup?


ASKER CERTIFIED SOLUTION
Avatar of batry_boy
batry_boy
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of fshguo
fshguo

ASKER

Let me clarify two items based on your comments:
1) the following lines:
static (DMZ, outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255  <--create translation for DMZ host to public IP address 1.1.1.2
static (business,home) 10.1.1.2 10.1.1.2 netmask 255.255.255.255  <--create translation for business host to look like itself on home VLAN
are these the NAT? where this applies in  ASDM?
2) do you thing the "access-group acl_home_in in interface home" should be  to acl_home_out instead? and again where this applies in ASDM?

In addition, three more questions:
1) does the routing table need to manually added between VLANs? or the device will learn by itself once the VLAN created?
2) Should the NAT or PAT enable in this senario?
3) by default, the VLAN has higher security level can access the lower one, how can it be revoked for business VLAN from accessing home unless it is permitted in access-list?

Thanks.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial