[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 667
  • Last Modified:

Setup of a ASA 5505

Not exactly confident with setting up a ASA 5505 using a Linksys RVS4000 gigabit router pulling in  broadband from Comcast.  Cabling is as follows:

Ethernet from Comcast cable modem to the Internet port on the back of the RVS4000, then from Ethernet port 0 on the RVS to the ASA port 7.  All servers and desktops plug in to the available ports on the ASA.  Do I disable the DHCP on the RVS and let the ASA handle it?  Also, how do I config both the RVS and the ASA to support my machine network setup?  Please advise. Your help is greatly appreciated.
0
lonas7
Asked:
lonas7
  • 5
  • 5
1 Solution
 
Istvan KalmarCommented:
HI,

Better way, and give you more security if you use asa for firewall..
If you enabled the DHCP server on ASA always it give own leg for default gateway!
0
 
lonas7Author Commented:
Thanks for the help!  Please help me clarify what you suggest.  Leave DHCP enabled on the ASA and the RVS, correct?
0
 
Istvan KalmarCommented:
Only the asa is enough?
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
marsyrobCommented:
I would create a trunk port on the RVS (if you need VLANS) and use that for the uplink to the ASA.  Plug in your broadband to the switch and have that IP as you DG on the ASA.  Then set up the remaining ports on the RVS as ports that house the servers etc with VLAN's (if you need VLANS)  I would not plug the devices directly into the ASA, use those for things like DMZ's etc.
0
 
lonas7Author Commented:
Guys, I really appreciate the help! I have had to configure factory-defaults numerous times because I keep screwing up the dmz setup.  Also, I apparently either forget the password or it saves it incorrectly.   I am still confused on the best way to setup this scenario.   I have the RVS4000 using Comcast as my ISP and the ASA5505 will be my firewall.  Please help me understand the correct setup to make this work efficiently. How would you guys set this up?  Please advise when you can.

Many thanks for the help, you are greatly appreciated!
0
 
Istvan KalmarCommented:
colud you show us the network toopolgy?

behind the ASA and linksys the DMZ?
0
 
lonas7Author Commented:
Attached is the proposed network config I would like to achieve.  Please enlighten me as to how you would setup this simple network with the best security in mind.

Thanks again guys!
Drawing1.gif
0
 
Istvan KalmarCommented:
in this scenario use ASA for DHCP server
0
 
lonas7Author Commented:
Here is my current ASA 5505 configuration.  What do I need to config to make this above scenario work for me?  Please be specific.  As you can tell I haven't the experience necessary to accomplish my goal so what ever setup info you can provide will be very helpful and appreciated.  

ciscoasa(config)# sh ru
: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!

!
!
prompt hostname context
Cryptochecksum:00000000000000000000000000000000
: end
ciscoasa(config)#
0
 
Istvan KalmarCommented:
the config ssems good ASA get ip address from RVS4000, ASA give ip address on lan
0
 
lonas7Author Commented:
Sorry for the late response.  Thanks to everyone for their answers and help!
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now