Solved

How to route traffic on ASA

Posted on 2010-11-29
5
556 Views
Last Modified: 2012-06-21
Hi There,

I need some assistant with configuring my new internet connection on ASA 5510
I need to route all traffic to my ISP.

I have setup sub intetrfaces for each of my vlans ( see below) and E0/1 connects directlty to ISP managed MODEM. I have assigned the public ip address to the interface  E0/1 which connects directly to ISP's modem. I would like also to setup PAT for my internal users to be abel to access the internet(please review and and advise)

 I'm attaching a draft network diagram that i'm working on for your review.


#################################'
Ethernet0/0.10             10.10.10.1    

Ethernet0/0.20             10.10.20.1      

Ethernet0/0.30             10.10.30.1      

Ethernet0/0.40             10.10.40.1

Ethernet0/0.50             10.10.50.1      
#################################'


#################################'
global (outside) 1 interface
nat (ManagementVlan) 1 10.10.10.0 255.255.255.0
nat (StaffVlan) 1 10.10.20.0 255.255.255.0
nat (ServerVlan) 1 10.10.30.0 255.255.255.0
nat (StudentVlan) 1 10.10.50.0 255.255.255.0
Network.jpg
0
Comment
Question by:MCP200
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 34229639
So far that looks OK. Did you set the default route to the ISP specified ip address?
Have you considered the security levels of each vlan?
Have you considered which networks need to talk to each other? Are you routing between the vlans on the core switch?
You did not specify exactly which version ASA OS you are running and NAT commands have changed dramatically between 8.2 and 8.3. Most versions up to 8.2 are pretty  much the same.
0
 

Author Comment

by:MCP200
ID: 34230972
Hi , Thanks for the reply

I'm running Asa 8.2

1) I don't want vlan  50 to communicate with vlan 20 at all

2) I have set security level to 100 for all inside vlans and level 0 to the outside level.

3) Well I had router on stick setup and now it will be replaced by the Asa.The routing between vlan is done by the core switch

4) I setup route outside 1 0 255.255.255.252 interface
I'm not sure if that's the right way to assign default route to the supplied public ip.

Thank you

4)

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 34231303
For a default route use this syntax:

route outside 0.0.0.0 0.0.0.0 <ip of ISP's managed router>

As long as the routing between vlans is accomplished on the core router, that is where you need to put acls to restrict access between vlans.

If you want to use the ASA to route between the vlans, then you need to disable nat-control, and create acls to apply to each interface to allow/block traffic. It gets ugly trying to use an ASA as a router.
0
 

Author Comment

by:MCP200
ID: 34234964
Routing is working fine now; I had to contact the isp to provide the ip address for their vlan interface. I’ll do some restructuring over the weekend and I’ll get my 3750 do the routing as it's easier.

One more thing, when security level is set to 100, what kind of traffic is allowed outbound?


0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 34235622
All traffic from higher (100) to lower (0) is allowed by default
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

There is a question posted at http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28324159.html (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28324159.html) and i…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now