IP subnet migration

Posted on 2010-03-29
Last Modified: 2012-05-09
I am in the middle of migrating from an old domain to a new one. At the same time I am implementing 3 new IP subnets for the new domain, while needing to keep the old subnet alive for a while.  My current architecture is:  ASA5510 firewall - which is the gateway for my old subnet - 192.0.0.0/24. No router currently in place and 3 48-port layer 2 switches - Cisco/Linksys variety. New subnets: 10.10.1.0/24, 10.10.3.0/24, 10.10.5.0/24.  My ASA cannot handle secondary IP addresses for the other gateways and I only have the 1 physical port that my old network uses for the LAN gateway.  Should I purchase a router and place it in between my switch gear and firewall to act as the gateway for all the new and old subnets?  I need the new and old subnets to be able to talk between them. Any ideas?
Question by:ritch578
6 Comments
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 29006525
If your current firewall/router can't support VLAN tagging and sub-interfaces then you would need to get a router to put in between it and the switches.
You might consider a layer 3 switch to do the routing. Just bring it into the existing network as one of its subnets and have a default route on it pointing to the ASA.
0
 
LVL 3

Assisted Solution

by:zwart072
zwart072 earned 2000 total points
ID: 29013834
You have to create 4 subinterfaces on the 1 physical interface on the ASA. Then the uplink from the ASA to your switch you have to configure as a trunk port, as well as the uplinks to the other switches. Now you can assign a specific VLAN to each subinterface and add the IP address which can act as default gateway for that specific VLAN.

0
 

Author Comment

by:ritch578
ID: 29014207
I am a networking novice at best and a pure rookie when it comes to VLANs.  Does creating a VLAN require each and every user network drop, for example, to be known on the switch? And can traffic between the VLANs talk freely - example - 10.10.1.1 (server network) will serve up DHCP addresses to clients (10.10.3.1 client network)?  The only reason I ask is being a novice and not wanting to overcomplicate the environment.
0
 
LVL 3

Accepted Solution

by:zwart072
zwart072 earned 2000 total points
ID: 29015869
You have to assign each switch port to the VLAN it should be in. Then you have to create a policy in the ASA to permit traffic between those VLANs. You will also probably need NAT or PAT to translate your internal private IP range to a public IP (range) to the outside. In the security policy on the ASA you have to permit the traffic you need to the internet but also between the VLANs.
0
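A configuration sketch of the subinterface and trunk setup described in the two answers above, added here as an example and not posted by any participant in the thread. The VLAN IDs, interface numbers, `nameif` labels and `.254` gateway addresses are assumptions, the old subnet's gateway is left as a placeholder, and the switch half assumes Cisco IOS syntax, which the Linksys-type switches may not share.

```cisco
! ASA (8.x-style syntax). VLAN IDs, interface names, nameifs and the
! .254 gateway addresses are assumptions, not values from the thread.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet0/1.192
 vlan 192
 nameif old-lan
 security-level 100
 ip address <existing-ASA-LAN-address> 255.255.255.0
!
interface Ethernet0/1.10
 vlan 10
 nameif servers
 security-level 100
 ip address 10.10.1.254 255.255.255.0
!
interface Ethernet0/1.30
 vlan 30
 nameif clients
 security-level 100
 ip address 10.10.3.254 255.255.255.0
!
interface Ethernet0/1.50
 vlan 50
 nameif net5
 security-level 100
 ip address 10.10.5.254 255.255.255.0
!
! Equal security levels do not talk to each other until this is set.
same-security-traffic permit inter-interface
! Forward client DHCP broadcasts to the server at 10.10.1.1.
dhcprelay server 10.10.1.1 servers
dhcprelay enable clients
!
! Switch side (Cisco IOS syntax assumed): uplink to the ASA as a trunk,
! each user port as an access port in exactly one VLAN.
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,30,50,192
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 30
```

As written, all four networks can reach each other without restriction; limiting that to the traffic actually needed means adding access lists bound to each subinterface with `access-group`. NAT/PAT toward the outside interface is not shown.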
 

Author Comment

by:ritch578
ID: 29019140
Thanks for the VLAN education.  Would a router or adding additional ports on the ASA be an easier solution?
0
 
LVL 3

Assisted Solution

by:zwart072
zwart072 earned 2000 total points
ID: 29075976
Adding a router would be an easier and better solution, because this is what a router should do. An ASA is a firewall and not a router, but with the ASA you can do the job you require.
0
