Announcement

Collapse
No announcement yet.

Superscope routing on an ASA 5510

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Superscope routing on an ASA 5510

    Hi,

    First post here, though I have been reading information from this site for years.

    A company I am workiing with is seeking to complete a seemingly simple task of adding some IP addresses. Due to a variety of reasons they are opting to go with a superscope solution, here is the info:

    They are currently using a standard class c 192.168.1.xxx with a subnet of 255.255.255.0. They are using Microsoft DHCP to handle the addresses. I have created the superscope on the Microsoft Server (seemed fairly standard to setup) for this example using 192.168.2.xxx.

    This is working as intended and as the first range fills up the next range starts up, the clients have internal access to network resources.

    The issue is routing. I have tried to setup their ASA 5510 to incororate the new range but clearly I am doing this wrong. The new range works internally only so I am guessing I have not allowed access for the new range properly.

    I have read about using VLAN, EIGRP or setting up an IP helper but still not managed to resolve the routing issue. Can anyone provide me an example based on the following criterea:

    Cisco Internal Interface: 192.168.1.5
    Cisco External interface: xxx.xxx.xxx.xxx
    Internal Primary IP range: 192.168.1.xxx, 255.255.255.0
    Superscope (secondary range) 192.168.2.xxx. 255.255.255.0
    DHCP server: 192.168.1.63

    I am just really seeking a basic example of this so I better understand the procedure / commands.

    Thanks in Advance!

  • #2
    Re: Superscope routing on an ASA 5510

    Make sure you have nat and routing configured properly for your scopes on the ASA.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    Comment


    • #3
      Re: Superscope routing on an ASA 5510

      Originally posted by auglan View Post
      Make sure you have nat and routing configured properly for your scopes on the ASA.
      Hi,

      Thanks for the quick response. I tried to add a route that looked (Do not have the information on hand at the moment) like: "route 192.168.1.1-192.168.2.1", also tried to add it as a secondary IP but I think thats a bid old and no longer used.

      I guess what I am asking is for a quick example as to what the proper route would look like?

      Comment


      • #4
        Re: Superscope routing on an ASA 5510

        What if anything is behind the ASA on your internal network? A layer 3 switch? A network diagram would be helpful.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        Comment


        • #5
          Re: Superscope routing on an ASA 5510

          Originally posted by auglan View Post
          What if anything is behind the ASA on your internal network? A layer 3 switch? A network diagram would be helpful.
          The switches in use are simply basic switches, I was thinking of putting a simple router in between to simplify this task.

          ASA->10/100/1000 switch(es)-> Wiindows servers.

          Comment


          • #6
            Re: Superscope routing on an ASA 5510

            If the switches are managed and allow vlan creation you can create your vlans on the switches and use sub interfaces on the ASA for each vlan subnet.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)

            Comment


            • #7
              Re: Superscope routing on an ASA 5510

              Unfortunately the switches are not managed and do not support VLAN, though the ASA does. I was ultimately hoping to find some routing examples in my searches but most of the information I have found points at older technologies. I did try a secondary setup but this was not working either like this:

              int e 0/0
              ip address 192.168.2.0 255.255.255.0 secondary

              Comment


              • #8
                Re: Superscope routing on an ASA 5510

                One thing you may try is to put an ip address on the ASA inside interface that belongs to both subnets.


                You currently have 192.168.1.0/24 and 192.168.2.0/24. These are separate networks.


                On the ASA inside interface, you could try and readdress it:


                192.168.1.1 255.255.252.0 or 192.168.1.1/22

                The /22 covers 192.168.0.0 - 192.168.3.255 so there is some overlap there but that /22 network is part of the same subnet as both /24's. Not sure if this will work or not but its worth a shot.
                CCNA, CCNA-Security, CCNP
                CCIE Security (In Progress)

                Comment


                • #9
                  Re: Superscope routing on an ASA 5510

                  Looks like it might be worth trying! I will get back to you Monday after trying it.

                  Thanks for the help

                  Comment

                  Working...
                  X