ASA 5510

[splat78423]

On a cisco ASA 5510 I would like to configure on the outside interface a T1 line, a cable modem, and a dsl line. Is this done by simply connecting those three routers into the switch that connects to the outside port of the 5510 and then setting up access rules? If so, does anyone out there have any suggestions for basic settings that should include a web server on my DMZ?

 

[splat78423]

wouldnt this config give my outside interface 3 public ip addresses? Does that mean I need to use subinterfaces for the outside port? Can I assign a different default gateway address to each subint as well as diferent DNS Servers?

 

[voltron1011]

I don't think that is possible. You say you have routers connected to the 3 circuits already? If so, what kind are they?

 

[splat78423]

so i cant add a different ip address to each subinterface on the outside interface?

I have a paetec 3200 adtran router on the T1 line, and basic linksys routers for the dsl and cable connections.

I am using cable because this is a system for a high school and we get cable internet for free (so I'd like to use it for a basic web server), and the dsl line because we have the connection under contract for the another year. I would like to use the existing circuits for obvious reasons....Do you think that this is more of a question for cisco tech support???

 

[Supergrrover]

If you have an ASA, you have 4 interfaces. Set one aside for each and use different static routes to direct the traffic you want to go out each interface. This won't load balance, but you can get more intricate with route maps and the like. If you have smartnet, use cisco. You already paid for it. make them work a little.


Brent
Systems Engineer / Consultant
CCNP

 

[splat78423]

I appreciate the advice, their are not alot of people with the expertise you have. I called cisco and they didnt know off of the top of their heads (at least the guy I talked to). Then again, I just ordered the unit and only asked the sales department (they said that I have to wait 5 - 7 days to talk to someone from the engineering department.

So what you are saying is to simply directly connect the individual routers to the different ports with a crossover cable (if needed I'll have to double check) and then use static routes, right? That sounds good to me, but I want to also use one of the ports as an inside zone and another as a DMZ, unfortunately I have three cheap routers. I know that I should just get an 1800 an concolidate all of the data lines to one router but I dont have the budget right now. Will it work if I connect the routers to a switch and plug the switch into a port in the ASA which I setup as an outside interface to run static routes through a seperate subinterface to each individual router?

 

[Supergrrover]

I don't think you need cross over cables but do double check. I double checked on the load balanceing - You can load balance over 3 static default routes. Cisco says that is "SHOULD" be over the same interface, but I am not sure what that actually means.

I don't know what license you have for it. I don't think the base license has any vlans on it. I do know that the security plus license allows up to 10 vlans. That gives you more than enough to play with. Each subinterface should get its own vlan and ip. You will need to get a managed switch that has 802.1q for the vlans and trunking. I recommend cisco, but linksys will do in a budget pinch. let me know how it goes.

Brent
Systems Engineer / Consultant
CCNP, CCSP