Newbie Request for Assistance

    Hey All,

    Forgive my ignorance here, I am not that well versed in networking. I have some things in place that I've had running (and well) for the better part of two years. I recently acquired an ASA 5505 and have been trying to get it set up. My existing network devices/configuration consist of two Cisco SG300 L3 switches (in L3 mode; these are doing inter-VLAN routing) and an SA520W. How I have things set up today is that the SA acts as my DG for any and all devices and hosts. The segments used are 172.24.XXX.2/24, with the XXX being the VLAN'ed segment; the VLANs that are set up on the SGs are represented on the SA, and static routes are in place that point to the IPs for the VLANs on the switches (I think I explained that correctly). Again, all devices and hosts point to their respective GW on the SA.

    Ports 3 and 4 on the SA are configured as trunk ports and carry all VLANs to the SGs via port 10.

    What I would like to do is represent that same configuration on the 5505. That said, would some of you be so kind as to review my configuration here and provide some guidance on what (if anything) needs to change? When attached to e0/0 (the only port I've tried) I can ping the 172.24.130.2 IP, but I cannot ping the IP of any of the other segments (in short, I am looking to implement inter-VLAN routing here as well). I am also hoping I can get some insight on what needs to be done to allow access from any of these networks to the outside world. To add another layer of (what I assume to be) complexity, I would like to eventually attach the SA to a port (or several) on the 5505 (DMZ) and have one of the various wireless segments, VLAN 2005, be able to reach what it needs to on any of the VLANs in the private network, and 2105 terminate at the SA. Are these things possible? If so, can any of you assist?

    Thank you

    aXcelio


    axc-cso-asa> en
    Password:
    axc-cso-asa# sh run
    axc-cso-asa# sh running-config
    : Saved
    :
    ASA Version 9.0(2)
    !
    hostname axc-cso-asa
    domain-name root.corp
    enable password 8Ry2YjIyt7RRXU24 encrypted
    names
    !
    interface Ethernet0/0
    switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
    switchport trunk native vlan 1
    switchport mode trunk
    !
    interface Ethernet0/1
    switchport access vlan 1405
    switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
    switchport trunk native vlan 1
    switchport mode trunk
    !
    interface Ethernet0/2
    switchport access vlan 1505
    switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
    switchport trunk native vlan 1
    switchport mode trunk
    !
    interface Ethernet0/3
    switchport access vlan 1605
    switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
    switchport trunk native vlan 1
    switchport mode trunk
    !
    interface Ethernet0/4
    switchport access vlan 1605
    switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
    switchport trunk native vlan 1
    switchport mode trunk
    !
    interface Ethernet0/5
    switchport access vlan 1705
    switchport trunk allowed vlan 1,1405,1505,1605,1705,1805,1905,2005,2105
    switchport trunk native vlan 1
    switchport mode trunk
    !
    interface Ethernet0/6
    switchport access vlan 2305
    switchport trunk allowed vlan 2005,2305
    switchport trunk native vlan 1
    !
    interface Ethernet0/7
    switchport access vlan 3905
    !
    interface Vlan1
    description aXcelio - Default Network Segment
    nameif aXce-24.130
    security-level 100
    ip address 172.24.130.2 255.255.255.0
    !
    interface Vlan1405
    description aXcelio - Storage Network Segment (iSCSI Management)
    nameif aXce-24.140
    security-level 100
    ip address 172.24.140.2 255.255.255.0
    !
    interface Vlan1505
    description aXcelio - Storage Network Segment (iSCSI)
    nameif aXce-24.150
    security-level 100
    ip address 172.24.150.2 255.255.255.0
    !
    interface Vlan1605
    description aXcelio - Storage Network Segment (iSCSI)
    nameif aXce-24.160
    security-level 100
    ip address 172.24.160.2 255.255.255.0
    !
    interface Vlan1705
    description aXcelio - vManagement Network Segment
    nameif aXce-24.170
    security-level 100
    ip address 172.24.170.2 255.255.255.0
    !
    interface Vlan1805
    description aXcelio - vReplication Network Segment
    nameif aXce-24.180
    security-level 100
    ip address 172.24.180.2 255.255.255.0
    !
    interface Vlan1905
    description aXcelio - vmSystem Network Segment
    nameif aXce-24.190
    security-level 100
    ip address 172.24.190.2 255.255.255.0
    !
    interface Vlan2005
    description aXcelio - Client Network Segment
    nameif aXce-24.200
    security-level 100
    ip address 172.24.200.2 255.255.255.0
    !
    interface Vlan2105
    description aXcelio - Client Network Segment (Wireless)
    nameif aXce-24.210
    security-level 100
    ip address 172.24.210.2 255.255.255.0
    !
    interface Vlan2305
    description aXcelio - Perimeter Network Segment
    nameif aXce-34.130
    security-level 50
    ip address 172.34.230.2 255.255.255.0
    !
    interface Vlan3905
    description aXcelio - Fios Public Facing
    nameif aXce-00.000
    security-level 0
    ip address dhcp setroute
    !
    ftp mode passive
    dns server-group DefaultDNS
    domain-name root.corp
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    pager lines 24
    logging asdm informational
    mtu aXce-24.130 1500
    mtu aXce-24.140 1500
    mtu aXce-24.150 1500
    mtu aXce-24.160 1500
    mtu aXce-24.170 1500
    mtu aXce-24.180 1500
    mtu aXce-24.190 1500
    mtu aXce-34.130 1500
    mtu aXce-24.200 1500
    mtu aXce-24.210 1500
    mtu aXce-00.000 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 aXce-24.130
    http 172.24.130.0 255.255.255.0 aXce-24.130
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpool policy
    telnet timeout 5
    ssh timeout 5
    console timeout 0

    dhcp-client client-id interface aXce-00.000
    dhcpd auto_config aXce-24.150
    !
    dhcpd address 172.24.130.200-172.24.130.254 aXce-24.130
    dhcpd enable aXce-24.130
    !
    dhcpd address 172.24.140.200-172.24.140.254 aXce-24.140
    dhcpd enable aXce-24.140
    !
    dhcpd address 172.24.150.200-172.24.150.254 aXce-24.150
    dhcpd enable aXce-24.150
    !
    dhcpd address 172.24.160.200-172.24.160.254 aXce-24.160
    dhcpd enable aXce-24.160
    !
    dhcpd address 172.24.170.200-172.24.170.254 aXce-24.170
    dhcpd enable aXce-24.170
    !
    dhcpd address 172.24.180.254-172.24.180.254 aXce-24.180
    dhcpd enable aXce-24.180
    !
    dhcpd address 172.24.190.200-172.24.190.254 aXce-24.190
    dhcpd enable aXce-24.190
    !
    dhcpd address 172.34.230.200-172.34.230.254 aXce-34.130
    dhcpd enable aXce-34.130
    !
    dhcpd address 172.24.200.200-172.24.200.254 aXce-24.200
    dhcpd enable aXce-24.200
    !
    dhcpd address 172.24.210.200-172.24.210.254 aXce-24.210
    dhcpd enable aXce-24.210
    !
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    webvpn
    anyconnect-essentials
    username NetOPS password CLjkFfuIkwPbAFok encrypted privilege 15
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum client auto
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options
    !
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    hpm topN enable
    Cryptochecksum:0e983864974132248dfe3c2bf5a8fb99
    : end
    axc-cso-asa#
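Not part of the post: an added Python checker that goes over the two questions raised above (inter-VLAN reachability and outside access) against a config dump laid out like the one posted, flagging switchports whose access VLAN is inactive because the port is in trunk mode, SVIs that no switchport carries, a missing same-security permit, and the absence of any nat rule (ASA 8.3+ needs one for private segments to leave via the outside interface). The excerpt it runs on is constructed from a few of the posted interfaces, and `parse_interfaces` and `review` are names chosen here.

```python
import re
# Constructed excerpt modelled on the posted ASA 5505 dump (not the full config).
SAMPLE_CONFIG = """\
interface Ethernet0/0
switchport trunk allowed vlan 1,1405,2005
switchport mode trunk
!
interface Ethernet0/1
switchport access vlan 1405
switchport trunk allowed vlan 1,1405,2005
switchport mode trunk
!
interface Vlan1
nameif inside
!
interface Vlan2105
nameif wifi
!
same-security-traffic permit inter-interface
"""

def parse_interfaces(cfg):
    # interface name -> its lines; the dump is unindented, so a bare '!' closes a block
    blocks, cur = {}, None
    for line in (l.strip() for l in cfg.splitlines()):
        if line.startswith("interface "):
            cur = blocks.setdefault(line.split(" ", 1)[1], [])
        elif line == "!":
            cur = None
        elif cur is not None and line:
            cur.append(line)
    return blocks

def review(cfg):
    blocks, carried, out = parse_interfaces(cfg), set(), []
    for name, lines in blocks.items():
        trunk = "switchport mode trunk" in lines
        for m in (re.match(r"switchport (trunk allowed|access) vlan (\S+)", l) for l in lines):
            if m and m.group(1) == "access" and trunk:
                out.append(f"{name}: access VLAN {m.group(2)} is ignored in trunk mode")
            elif m and (m.group(1) == "access") != trunk:  # only the active list counts
                carried.update(map(int, m.group(2).split(",")))
    for name in blocks:
        if name.startswith("Vlan") and int(name[4:]) not in carried:
            out.append(f"{name}: no switchport carries VLAN {name[4:]}")
    if "same-security-traffic permit inter-interface" not in cfg:
        out.append("same-security interfaces cannot talk without permit inter-interface")
    if not re.search(r"^\s*nat \(", cfg, re.M):
        out.append("no nat rule: private segments cannot reach the outside interface")
    return out
```

Paste the full `sh run` output into `review()` to get the same findings for every port and SVI in the dump.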