Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to route traffic on ASA

Posted on 2010-11-29
5
560 Views
Last Modified: 2012-06-21
Hi There,

I need some assistant with configuring my new internet connection on ASA 5510
I need to route all traffic to my ISP.

I have setup sub intetrfaces for each of my vlans ( see below) and E0/1 connects directlty to ISP managed MODEM. I have assigned the public ip address to the interface  E0/1 which connects directly to ISP's modem. I would like also to setup PAT for my internal users to be abel to access the internet(please review and and advise)

 I'm attaching a draft network diagram that i'm working on for your review.


#################################'
Ethernet0/0.10             10.10.10.1    

Ethernet0/0.20             10.10.20.1      

Ethernet0/0.30             10.10.30.1      

Ethernet0/0.40             10.10.40.1

Ethernet0/0.50             10.10.50.1      
#################################'


#################################'
global (outside) 1 interface
nat (ManagementVlan) 1 10.10.10.0 255.255.255.0
nat (StaffVlan) 1 10.10.20.0 255.255.255.0
nat (ServerVlan) 1 10.10.30.0 255.255.255.0
nat (StudentVlan) 1 10.10.50.0 255.255.255.0
Network.jpg
0
Comment
Question by:MCP200
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 34229639
So far that looks OK. Did you set the default route to the ISP specified ip address?
Have you considered the security levels of each vlan?
Have you considered which networks need to talk to each other? Are you routing between the vlans on the core switch?
You did not specify exactly which version ASA OS you are running and NAT commands have changed dramatically between 8.2 and 8.3. Most versions up to 8.2 are pretty  much the same.
0
 

Author Comment

by:MCP200
ID: 34230972
Hi , Thanks for the reply

I'm running Asa 8.2

1) I don't want vlan  50 to communicate with vlan 20 at all

2) I have set security level to 100 for all inside vlans and level 0 to the outside level.

3) Well I had router on stick setup and now it will be replaced by the Asa.The routing between vlan is done by the core switch

4) I setup route outside 1 0 255.255.255.252 interface
I'm not sure if that's the right way to assign default route to the supplied public ip.

Thank you

4)

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 34231303
For a default route use this syntax:

route outside 0.0.0.0 0.0.0.0 <ip of ISP's managed router>

As long as the routing between vlans is accomplished on the core router, that is where you need to put acls to restrict access between vlans.

If you want to use the ASA to route between the vlans, then you need to disable nat-control, and create acls to apply to each interface to allow/block traffic. It gets ugly trying to use an ASA as a router.
0
 

Author Comment

by:MCP200
ID: 34234964
Routing is working fine now; I had to contact the isp to provide the ip address for their vlan interface. I’ll do some restructuring over the weekend and I’ll get my 3750 do the routing as it's easier.

One more thing, when security level is set to 100, what kind of traffic is allowed outbound?


0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 34235622
All traffic from higher (100) to lower (0) is allowed by default
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Web Fraud scenarios to PoC F5  web fraud prevention 7 48
Creating a Vendor Admin user 23 80
Limit traffic to specific Cisco port? 12 54
Cisco RV042G 4 6
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question