lonas7

Setup of an ASA 5505

Not exactly confident with setting up an ASA 5505 using a Linksys RVS4000 gigabit router pulling in broadband from Comcast. Cabling is as follows:

Ethernet from Comcast cable modem to the Internet port on the back of the RVS4000, then from Ethernet port 0 on the RVS to the ASA port 7. All servers and desktops plug in to the available ports on the ASA. Do I disable the DHCP on the RVS and let the ASA handle it? Also, how do I config both the RVS and the ASA to support my machine network setup? Please advise. Your help is greatly appreciated.
Istvan Kalmar

Hi,

A better way, which gives you more security, is to use the ASA as the firewall.
If you enable the DHCP server on the ASA, it always gives its own leg as the default gateway!
lonas7

ASKER

Thanks for the help! Please help me clarify what you suggest. Leave DHCP enabled on the ASA and the RVS, correct?
Only the ASA is enough?
marsyrob

I would create a trunk port on the RVS (if you need VLANs) and use that for the uplink to the ASA. Plug in your broadband to the switch and have that IP as your DG on the ASA. Then set up the remaining ports on the RVS as ports that house the servers etc. with VLANs (if you need VLANs). I would not plug the devices directly into the ASA; use those for things like DMZs etc.
lonas7

ASKER

Guys, I really appreciate the help! I have had to configure factory-defaults numerous times because I keep screwing up the DMZ setup. Also, I apparently either forget the password or it saves it incorrectly. I am still confused on the best way to set up this scenario. I have the RVS4000 using Comcast as my ISP and the ASA 5505 will be my firewall. Please help me understand the correct setup to make this work efficiently. How would you guys set this up? Please advise when you can.

Many thanks for the help, you are greatly appreciated!
Could you show us the network topology?

Is the DMZ behind the ASA and the Linksys?
lonas7

ASKER

Attached is the proposed network config I would like to achieve. Please enlighten me as to how you would set up this simple network with the best security in mind.

Thanks again guys!
Drawing1.gif
In this scenario, use the ASA as the DHCP server.
lonas7

ASKER

Here is my current ASA 5505 configuration. What do I need to config to make the above scenario work for me? Please be specific. As you can tell, I haven't the experience necessary to accomplish my goal, so whatever setup info you can provide will be very helpful and appreciated.

ciscoasa(config)# sh ru
: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!

!
!
prompt hostname context
Cryptochecksum:00000000000000000000000000000000
: end
ciscoasa(config)#
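An added example, not part of the original thread: a small Python check over an excerpt of the running-config posted above that maps each switch port to its VLAN name and reports where the DHCP server is enabled. It assumes that a port with no `switchport access vlan` line stays in VLAN 1 (the ASA 5505 default); the function names are hypothetical, and port 7 is taken from the cabling described in the question.

```python
import re

# Excerpt of the running-config posted in the thread (lines copied unchanged).
CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/7
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
"""

def parse(config):
    """Return (vlan id -> nameif, port -> vlan id, interfaces with dhcpd enabled)."""
    names, ports, dhcp, current = {}, {}, [], None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            if current.startswith("Ethernet"):
                ports[current] = 1  # assumption: ASA 5505 ports default to VLAN 1
        elif (m := re.match(r" nameif (\S+)", line)) and current.startswith("Vlan"):
            names[int(current[4:])] = m.group(1)
        elif m := re.match(r" switchport access vlan (\d+)", line):
            ports[current] = int(m.group(1))
        elif m := re.match(r"dhcpd enable (\S+)", line):
            dhcp.append(m.group(1))
    return names, ports, dhcp

def port_zone(config, port):
    """Name of the security zone (nameif) a physical port belongs to."""
    names, ports, _ = parse(config)
    return names.get(ports[port], "unnamed")

if __name__ == "__main__":
    names, ports, dhcp = parse(CONFIG)
    for port, vlan in sorted(ports.items()):
        print(f"{port}: vlan {vlan} ({names.get(vlan, 'unnamed')})")
    print("DHCP server enabled on:", dhcp)
    print("Ethernet0/7 zone:", port_zone(CONFIG, "Ethernet0/7"))
```

Run against the posted configuration, this reports Ethernet0/0 as the only port in the outside VLAN and Ethernet0/7 in the inside VLAN, with the DHCP server enabled on inside only.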
ASKER CERTIFIED SOLUTION
Istvan Kalmar
lonas7

ASKER

Sorry for the late response.  Thanks to everyone for their answers and help!