ASA 5510 Serviced office config!

Status
Not open for further replies.

Mintsauceuk

IS-IT--Management
Jun 30, 2008
15
GB
Hi guys, I'm wondering if someone could help me.

I'm trying to configure an ASA 5510 for use in a serviced office building. The building has a.llq VLAN-capable ProCurve stack uplinked into Eth0/1

An SDSL router into Eth0/0 with 32 external IPs

What I'm trying to do is set up a different VLAN for each tenant (that I think I've managed to do)

Eg Native network 192.168.10.0
Customer1 192.168.11.0 VLAN2
Customer2 192.168.20.0 VLAN3

and so forth, with the ASA being .1 on each network and providing DHCP

I've got this working but I can't get the thing to forward DNS requests or resolve any. I'm currently testing on the native 10.0 network; DHCP gives me the ASA as the DNS server but nslookup says "cant find server name for 192.168.10.1"

I've enabled DNS on the interface and added the ISP's DNS into the DefaultDNS group.


Also another question: if the customer wants their own external IP, is it straightforward to let them put a router on say 192.168.12.2 and forward an external IP onto it? Then at least I always have final say on what ports are allowed!!

Thanks in advance for any help. I'm a bit of a Cisco newbie but I'm not thick!!

Cheers

Dan
 
The ASA doesn't function as a DNS server. It will only set the address in the DHCP options. You will need to set them to either an internal source or one of the public ones. I like
4.2.2.3
4.2.2.2
4.2.2.4

If you have the public IPs available, just set up a static that points all traffic to their router. Natting twice does present problems when trying to track down problems but I've done it when nothing else will work.

static (Customer1,outside) [CustomerPublicIP] [CustomerRouterIP] netmask 255.255.255.255

This will forward all traffic inbound to that address to the internal one. Now you need to allow specific traffic through the outside interface IP with an ACL.

access-list outside-inbound permit tcp any host [CustomerPublicIP] eq [Port#]

Make one entry for each allowed service/port. Add these lines to your current inbound ACL so as not to break any existing setup.

If this is your first time you will need to apply the ACL to the outside interface.

access-group outside-inbound in interface outside




Brent
Systems Engineer / Consultant
CCNP, CCSP
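
An added example, not part of the thread or either poster's configuration: a small Python audit that reads `static` and `access-list` lines in the syntax shown in the reply above and reports, per tenant public IP, which services the outside ACL actually exposes. The sample config, the `Customer3` tenant and the 203.0.113.x addresses are constructed placeholders, and `audit_exposure` is a hypothetical helper name.

```python
import re

# Constructed sample config in the syntax used in the reply; addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_CONFIG = """\
static (Customer1,outside) 203.0.113.11 192.168.11.2 netmask 255.255.255.255
static (Customer2,outside) 203.0.113.20 192.168.20.2 netmask 255.255.255.255
static (Customer3,outside) 203.0.113.30 192.168.30.2 netmask 255.255.255.255
access-list outside-inbound permit tcp any host 203.0.113.11 eq 443
access-list outside-inbound permit tcp any host 203.0.113.11 eq 25
access-list outside-inbound permit ip any host 203.0.113.20
access-group outside-inbound in interface outside
"""

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask 255\.255\.255\.255")
ACL_RE = re.compile(r"^access-list (\S+) permit (\S+) any host (\S+)(?: eq (\S+))?")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit_exposure(config):
    """Map each static's public IP to its permitted services and a finding."""
    statics, acl, bound = {}, {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            real_if, mapped_if, public_ip, real_ip = m.groups()
            statics[public_ip] = (real_if, mapped_if, real_ip)
        elif m := ACL_RE.match(line):
            name, proto, dest, port = m.groups()
            acl.setdefault((name, dest), []).append((proto, port))
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)  # interface name -> ACL applied inbound
    report = {}
    for public_ip, (real_if, mapped_if, real_ip) in statics.items():
        # Only entries in the ACL bound to the mapped interface count.
        entries = acl.get((bound.get(mapped_if), public_ip), [])
        if not entries:
            finding = "no inbound permit: static is unreachable from outside"
        elif any(proto == "ip" or port is None for proto, port in entries):
            finding = "overly broad: permit is not limited to a single port"
        else:
            finding = "ok"
        report[public_ip] = {
            "tenant": real_if, "router": real_ip, "finding": finding,
            "services": sorted(f"{p}/{q or 'any'}" for p, q in entries),
        }
    return report
```
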
 