
two ports to outside VLAN ASA 5510

Status
Not open for further replies.

http80

Technical User
Dec 6, 2009
3
AT
Hey guys,

I'm rather new to configuring network devices, but it seems now I have to do it:
I'm in a "sub-organisation" of a University and we want to share an ASA 5510+Sec+ with a department of the University.
(Yes, nobody else is there who can configure this stuff)

From the University the department and we have
TWO external IP addresses with
two physical ethernet ports on the same subnet:
128.135.010.5
128.135.010.6

we have TWO VLANs:
VLAN1 128.135.120.1 255.255.255.255
VLAN2 128.135.127.1 255.255.255.255

We need separate VPN access to the VLANs.
(No multicontext mode...)

I want to assign the
two ports of the ASA to the two external IP addresses
and
two ports of the ASA to the two internal VLANs

I want the traffic from
VLAN1 to be routed over the PORT with external IP 128.135.010.5
and from
VLAN2 to be routed over the PORT with external IP 128.135.010.6

(So the two VLANs are independent from each other. Just a few security policies will allow us to use printers of the university department.)

So now my questions:
1.) How do I assign two ports to the same outside VLAN?
2.) How do I route traffic from an internal VLAN to a specific ASA Port.

I hope you can give me some hints because I could not find a solution for this problem.

Thanks for the help
 
The VPN is pretty easy. Take a look at this and use separate VPN groups -

cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806ab788.shtml

The outside may take some work. Maybe a switch between.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Thanks for the answer, that's how I want to make it with the VPN.

But yes, the outside seems to take some work.
(We need our own outside IPs (128.135.010.5, 128.135.010.6) because we need to stay independent)

So I would be happy if anyone has an idea:
how to get the two ports to the outside working?
 
What has to go through the IPs separately? If it's only services, it is just a basic setup with port mapping and some ACLs. For the VLANs appearing as the different IPs, you only need two NAT/global pairs and that will do the job.


Brent
Systems Engineer / Consultant
CCNP, CCSP
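
The "two NAT/global pairs" suggested in the reply above, sketched as an added example that is not part of the original thread. It assumes pre-8.3 ASA syntax (the `nat`/`global` form the reply names), hypothetical interface names `outside`, `vlan1` and `vlan2`, /24 masks for the two internal networks (the thread lists 255.255.255.255), and that both 128.135.10.x addresses are reachable through the one outside interface.

```cisco
! Added example, not from the thread. Interface names and /24 masks are assumptions.
! Pair 1: hosts behind vlan1 leave the outside interface as 128.135.10.5 (PAT)
nat (vlan1) 1 128.135.120.0 255.255.255.0
global (outside) 1 128.135.10.5
!
! Pair 2: hosts behind vlan2 leave the outside interface as 128.135.10.6 (PAT)
nat (vlan2) 2 128.135.127.0 255.255.255.0
global (outside) 2 128.135.10.6
!
! The NAT ID (1 or 2) is what ties each nat statement to its global statement.
! If 128.135.10.5 is the outside interface's own address, use
!   global (outside) 1 interface
! in place of the first global line.
!
! Check which translated address each VLAN's connections actually use:
!   show xlate
!   show run nat
!   show run global
```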
 
cisco.com/en/US/products/ps6120/products_configuration_example09186a0080862017.shtml

Just looked at your IPs. Are you NATing, as these are all public? A little confused.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Sorry, I didn't mention that the two "internal" VLANs are also public. So the ASA should work as a bridge.

The two IPs in the outside VLAN are just for public services and the routing at the University network. (All our domains point at the 128.135.010.5 IP).

So the problem is how to split the outgoing traffic over the two eth-ports.
 