Solved

Cisco ASA and Multiple Inside Networks

Posted on 2013-12-02
2
393 Views
Last Modified: 2013-12-02
Would somebody confirm I can do the following? I need to make sure this will work an ASA5505-SEC-BUN-K9 running 9.1.3

I have four networks I need to deal with

Outside (security level 0)  public ip address
DMZ  (security level 10)  10.0.0.0/24
Office (security level 90)  172.17.1.0/24
Engineering (security level 100) 192.168.1.0/24

The Engineering network needs to be able to get to everything, everywhere

The office network needs to access the Internet (outside), web server in the dmz (ftp, smb, www) , and certain services on selected machines in the Engineering network. Can I do a PAT from the Office network to the Engineering network? i.e. from the office network connect to http://172.17.1.1 and I get to to the web server at 192.168.1.10

 The DMZ machine needs only to be set up for NAT so that the Internet can access the web server.

I will also be setting up two SSL VPN groups - one which allows only access to the office network (using rdp) , one to the engineering network (using rdp and www).

I have never set up where I had 2 "inside" networks - Engineering and Office. I just need to confirm it will work before I get started.

thank you!
0
Comment
Question by:claytarget
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 125 total points
ID: 39689976
I see no reason why you cannot do this, you have a sec plus firewall, so have no limitations on VLANS.

PL
0
 
LVL 20

Assisted Solution

by:rauenpc
rauenpc earned 125 total points
ID: 39690141
Pete is correct, you shouldn't have any restrictions. It can sometimes be a bit more complicated when it comes to ACL's and natting, but it can certainly be done.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question