Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Accessing the Internet using a CISCO ASA 5510 - routing issues

Posted on 2006-10-19
2
Medium Priority
?
206 Views
Last Modified: 2010-03-19
Hi! All.

Currently I use a Proxy server to access the Internet, with proxy settings specified on the Internet browser for each syste,

I am trying to add an ASA 5510 to use as a firewall to access the Internet, and eliminate the use of the proxy, and I am having some problems.

Here's my set up.

Three networks.

Network A: 192.168.1.X
Network B: 192.168.2.X
Network C: 192.168.3.X

Networks B & C are connected to A via P2P T1 lines. I have CISCO 1720 routers on each network with static routes to each other and I can access servers across each network from any of the three. Each of the routers are set up with IPs 192.168.1.1 / 192.168.2.1  / 192.168.3.1.

Internet access is also fine as long as the client has the proxy specified.

The Internet proxy has an IP of 192.168.1.10 and is located in Network A.

My systems's IP is 192.168.1.15 and the gateway is 192.168.1.1 and I can communiate to servers on the other two networks as well as the Internet just fine.

I would like to add the ASA 5510 bearing IP address 192.168.1.3 to my network and use that as my Internet connection firewall and eliminate the Proxy.

From my machine if I change the gateway to the IP of the ASA (192.168.1.3) I can hit the Internet just fine. So the ACLs on the ASA is not an issue.

However if I change that gateway then I cannot communicate to the other two networks and I also cannot hit the Internet from the other two networks, if I remove the proxy settings from the browser.

I know I need some sort of static routing here to get the systems on the other networks to talk to the ASA.

But what confuses me is since I already have static routes set up on the CISCO routers at each of the location to communicate with each other, how do you I make the systems on networks B and C access the Internet without the Proxy?

Any help would be greatly appreciated and I will be more than happy to give 500 points for the correct answer.

Thank you.

Hiran
0
Comment
Question by:cfgchiran
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 17771072
1. Don't change the gateway. Keep it pointing to the 1720 router, but do add this to the router:
  ip route 0.0.0.0 0.0.0.0 192.168.1.3

Make sure each remote site router points its default to your 1720 wan IP

2. Suggest keeping the Proxy in place. Because it caches dns and web pages, it can improve the user experience and help keep redundant traffic off your Internet to save Internet bandwidth.

3. Add a route statement to the ASA
  route inside 192.168.0.0 255.255.0.0 192.168.1.1

Done
0
 
LVL 1

Author Comment

by:cfgchiran
ID: 17786432
"lrmoore" - Thank you so much for your prompt response. My network actually has more subnets than I indicated, but with the information provided, I was able to configure all of the subnets and routers. Thank you.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question