Solved

Cisco ASA 5510 Firewall setup

Posted on 2009-04-06
7
912 Views
Last Modified: 2012-05-06
Hello Cisco experts

We  just recently bought  a Cisco ASA 5510 appliance and I am supposed to set it up and install in our network (currently use Watchguard)

My conection to the internet is a 5MB Optical Circuit (Metro Ethernet)  and the Ethernet cable is plugged straight into Watchguard outbound port.  (no router)

Behind the firewall I have 3 internal  networks (2 + 1 DMZ) .  I am trying to figure out the best way to set the ASA up so I have started to read an article Cisco Document ID 63880  "Connecting Multiple Internal Networks with Internet: Configuration Example"
This document refers to PIX/ASA 7.x or higher and one of the prerequisites is to use a Cisco router behind the PIX (?!)  I don't know if this apply to ASA device, it it does then I am in trouble  (need a router)

My ASA 5510 software is 7.12 . I have tried to upgrade to 8.X (available on the CD which came with the unit) but it fails every time I try to upgrade the software

I have also noticed that Packet Tracker is not available on my ASDM interface.  Should I upgrade to v 6.11 ( also available on CD) or is something else I should to to get this very usefull tool

Thank you all in advance for your help

Cheers
0
Comment
Question by:Bibecu
7 Comments
 
LVL 8

Expert Comment

by:Sniper98G
ID: 24083192
For all intensive purposes the ASA is a pix. It uses the same code/interface as a pix.

You can configure each of the interfaces on the device (4 on your model I believe) to a different subnet. So; you do not require a router. The only problem you may run into is if you want the to subnets to communicate directly without restriction you will need to set them to the same security level and configure the "same-security-traffic permit inter-interface" command to get that to work.
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 250 total points
ID: 24085352
To Update see my website here http://www.petenetlive.com/Tech/Firewalls/Cisco/updateasacli.htmor here if you prefer the CLI http://www.petenetlive.com/Tech/Firewalls/Cisco/updateasacli.htm
To connect see http://www.petenetlive.com/Tech/Firewalls/Cisco/connect2.htm then for simple setup http://www.petenetlive.com/Tech/Firewalls/Cisco/5505Setup.htm (note that page shows, and demonstrates an ASA 5505 not a 5510 but the process is the same with the exeption of assigning VLANS - the 5510 does not have VLANs allready setup, the 5505 does, so to be honest the basic setup is slightly easer on your firewall.
If you need to setup VPN's etc there are other walkthrough on the site :)
0
 
LVL 5

Expert Comment

by:shirkan
ID: 24138506
first, you have 3 100mbit interfaces (incl the management) and 2 1Gb interfaces (0 and 1 i think)

of course use the GB interfaces for LAN and whichever DMZ has the most traffic,  spread the others

u dont need a router to make the different Networks connected to the ASA to communicate with each other

you use static and access-list commands to restrict communication the way you want.

you will have to give me more detail on your network to make any other suggestions and since you have an ASA now, tell your boss you need Cisco Training for that thing, otherwise you will never really know what you are doing and less understand it

this - "same-security-traffic permit inter-interface" is the lazy version if you dont need access rules between the interface (physical and virtual)

anyways, without a plan its hard to say whats best for you
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 5

Expert Comment

by:shirkan
ID: 24138550
if you want to stay with version 7 you need to upgrade to 7.2.4 and ASDM 5.2.4 - i dont really recommend version 8 as it has alot more bugs then 7
it has advantages if you use alot of ssl-vpn, other then that stay with 724
and you need a tftp or ftp server to upload the image or you use the http interface for it, dont forget to match ASDM with the Version you want to run and edit the config to tell it to boot the right image
0
 

Author Closing Comment

by:Bibecu
ID: 31570091
Thank you guys for the time taken to answer.  Yes, I am new to cisco stuff.  So far I have managed to upgrade to v 8 and ASDM 6, configure the appliance, and I am in process to setup the access rules. Compared with Watchguard is a different world !    I am not going to use "Enable traffic between interfaces with the same security level"  because yes, that's a lazy way to do it. Again, thank you all for your time responding to my question.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 32644435
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 32644711
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Web site adult filtering solutions for a small LAN network 27 191
Monitor Internet Edge Router behind Firewall 2 31
WLC and radius 4 30
Error after upgrade of 3850s 15 54
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question