Solved

Moving an ASA to a co-location site via MPLS

Posted on 2008-06-23
Last Modified: 2010-04-09
Hello,
I have a Cisco ASA 5510. We currently use it at our main site, but we're going to an MPLS setup with a co-location site provided by the ISP. Currently my ASA is set up as follows:

Internet T-1
    |
    |
Global IP addresses
ASA 5510
192.168.1.5/24  
   |
   |
LAN 192.168.1.0/24


We are moving the setup to the following:

Internet
  |
  |
Global IP addresses (same as above, no IP address change)
ASA 5510
10.0.0.2/24
   |
   |
10.0.0.0/24 Colocation LAN
  |
  |
10.0.0.1/24 ISP MPLS Router
  |
  |
MPLS router My company 192.168.1.5/24
  |
  |
LAN 192.168.1.0/24


Hopefully the above drawing isn't too confusing. Basically, I have fairly decent knowledge of the ASA but I'm not an expert. Here is a list of tweaks that I know I have to complete. I just want to make sure I'm not forgetting anything when I actually do the move. Just to reiterate, the internet IP address range will not change; it will just be transitioned to the new router by the ISP.

1. allow admin access from 10.0.0.0/24 LAN
2. change IP address of Ethernet0/0 from 192.168.1.5/24 to 10.0.0.2/24
3. add a route for 192.168.1.0/24 via 10.0.0.1


I think this should do it. I'm not sure about any Access List changes I need to make. Do I need to make any ACL list changes for the 10.0.0.0/24 network?
Question by:jbla9028
3 Comments
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21859103
I guess that depends on whether you have machines on the 10-net that need access or to be accessed. I'd assume so since you want to grant admin access from that network?
 
LVL 1

Author Comment

by:jbla9028
ID: 21859145
I will need access to those machines via 192.168.1.0/24. Obviously I will need to add PAT translations into the ACL if I need outside access to any devices on 10.0.0.0. Basically, the ASA will control all internet access for several sites.
 
LVL 15

Accepted Solution

by:
Voltz-dk earned 500 total points
ID: 21859279
Well, it seems to be covered for the details included. And as long as you can reach the ASA, you can always make any other adjustments needed.
If you have any other Internet connection, preferably with a static IP, you might consider giving that outside access until you have verified all is good.
(Unless that can already be verified when the ASA is connected at the Colo.)
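
The three steps from the question, plus the temporary outside management access suggested in the accepted answer, written out as ASA CLI. This is an added example, not part of the original thread. It assumes Ethernet0/0 is named `inside`, the Internet-facing interface is named `outside`, pre-8.3 NAT syntax with an existing NAT ID 1, and it uses 203.0.113.10 as a constructed placeholder for the admin's static IP.

```cisco
! Constructed example. Interface names, NAT ID 1 and 203.0.113.10 are
! assumptions, not values from the thread.
! Apply from the console port: changing the inside address drops any
! management session that was connected to 192.168.1.5.

! Step 2: re-address the inside interface for the colocation LAN
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 10.0.0.2 255.255.255.0
 no shutdown
!
! Step 3: the office LAN is now one hop away, behind the ISP MPLS router
route inside 192.168.1.0 255.255.255.0 10.0.0.1
!
! Step 1: allow management from the colocation LAN and keep the office
! LAN entries, since admins will still connect from 192.168.1.0/24
ssh 10.0.0.0 255.255.255.0 inside
http 10.0.0.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
!
! Only if hosts on 10.0.0.0/24 need outbound Internet (assumed NAT ID 1
! is already paired with a "global (outside) 1 ..." statement)
nat (inside) 1 10.0.0.0 255.255.255.0
!
! If an access-list is bound inbound on the inside interface, it must
! also permit the 10.0.0.0/24 sources that should pass. With no ACL bound
! there, traffic from the higher security level is allowed out by default.
!
! Temporary fallback from the accepted answer: SSH from one static IP
ssh 203.0.113.10 255.255.255.255 outside
!
! After verifying with "show route" and "show ssh", remove the fallback
! so management is not left reachable from the Internet:
! no ssh 203.0.113.10 255.255.255.255 outside
```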