justinb67
asked on
cisco asa 5505 routing internal subnets - recommend a router for me
I've got a customer who had another consultant swap out their Watchguard Firebox for a Cisco ASA 5510. This customer has 2 subnets behind an internal wireless network that also need to be routed. The consultant who set it up could not get the ASA to route packets back to the two subnets behind the wireless, so he ended up switching the default gateway for the whole organization to the wireless router that was handline the site-to-site wifi, and having it route back to the asa for internet traffic.
This made the wireless unstable, as the device was not designed to handle that much traffic. I got called in to cleanup the mess, and so what I did was put dd-wrt on a linksys befsr41. It was a simple test, and I made that device the router, and had it hand off to the ASA, and put the wireless behind it. This fixed the problem, but the little linksys has introduced a delay to the network.
I know that PIXs could not route internal subnets, and I am assuming this is still the case with an ASA. So what device can I get that is fairly inexpensive and will route to the asa and the two other subnets behind the wireless?
Thanks!
Justin
This made the wireless unstable, as the device was not designed to handle that much traffic. I got called in to cleanup the mess, and so what I did was put dd-wrt on a linksys befsr41. It was a simple test, and I made that device the router, and had it hand off to the ASA, and put the wireless behind it. This fixed the problem, but the little linksys has introduced a delay to the network.
I know that PIXs could not route internal subnets, and I am assuming this is still the case with an ASA. So what device can I get that is fairly inexpensive and will route to the asa and the two other subnets behind the wireless?
Thanks!
Justin
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
that worked fantastic. The static command was actually staitc (inside) mask 1
I already had all of those commands in because we have a funky VPN and port forwarding inbound that routes to the remote subnets. But I also had to put in some rules in the nonat ACL to get it working. i just put in from to and vice-versa for both subnets.
Thanks for the help!
Justin
I already had all of those commands in because we have a funky VPN and port forwarding inbound that routes to the remote subnets. But I also had to put in some rules in the nonat ACL to get it working. i just put in from to and vice-versa for both subnets.
Thanks for the help!
Justin
SBS
Small Business Server (SBS) is a line of server operating systems targeted at small businesses by bundling the operating system with a number of other Microsoft products that would normally need to be purchased or licensed separately. The most notable inclusions are Exchange, SQL Server, SharePoint and ISA/TMG (Microsoft's firewall and proxy server).
59K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Now if you don't have an inside router, or simply wish to have those other subnets somewhat segregated from your other LAN traffic another option would be to spind up additional interfaces on the ASA, one for each subnet. Then allow the ASA to actually be the router for each subnet.
You can even then assing the same security number to those new interfaces as your inside and use the command: "same-security-traffic permit inter-interface" to allow the traffic to flow between the interfaces without the need to be granular on what traffic. You'll likely also need to exempt the NAT traffic between interfaces....if you need info on any of that just post and we can tell ya how...otherwise if you're using an internal router for those other subnets just run with it