kracksmith

join:2004-07-14
Fullerton, CA

[Config] ASA Transparent or bridge configuration

Hi

We have a hub that physically sits in front of our firewall. I'd like to get rid of this hub. The purpose of this hub is to mimic our VPN connection so I can give tutorials to VPN users within the office when they bring in their computer/laptop for VPN configurations.

Secondly, it's also being used as an internet managed webcam with a public IP address. Webcam users from the other side will just type in the public IP and connect.

Our firewall is an ASA5510 with 4 ports. The 2 main ports have been configured with security 0 and 100 (outside and inside interface). This left us with 2 unused ports for the above scenarios. Internet webcam port #3 has been configured to be NAT as an access list is needed to disable communication to our inside LAN. So for the port #3 interface a private IP has been configured with a different subnet than our inside LAN interface. I would then configure a private IP with the same subnet for interface #3 to this internet webcam unit. With the correctly configured access list it should point the public IP to this private IP (webcam). This should work correctly.

My problem is how am I going to configure this last port #4 to mimic VPN login in front of the firewall? It won't let me configure a public IP on port/interface #4 with the same subnet mask as my outside ISP WAN port. I think I can configure NATing like I did above, but will that work to mimic VPN users' login from the outside?

What I'd really like to do is configure 2 public IP addresses for port/interface #4, one being the outside and the other being the inside (host/vpnlaptop/vpncomputer). But again it won't let me configure a public IP with the same subnet mask as the ISP WAN interface where the T1 signal is coming in.

In the past I used Sonicwall and it was able to be configured as a transparent port, meaning I just programmed a public IP (on a vpnlaptop) and I can mimic an outside VPN login.

Can Cisco do this? If so, what is the configuration?

aryoba
Premium,MVM
join:2002-08-22

It sounds like you have a questionable network design. The first issue is the purpose of using a hub between the firewall and the Internet router.

I understand that there are multiple devices that need to use public IP addresses directly beside the firewall. Typically for this purpose in a lot of organizations, there is a switch between the firewall and the Internet router and not a hub, since a switch has much better performance and reliability in this type of scenario. You don't really want to have a shared medium (the same collision domain) between all devices that have public IP addresses.

As to the VPN simulation, you don't need to utilize the 4th port of the firewall. Simply plug the computer/laptop for VPN configuration directly into the switch.

From your description, it sounds like you are trying to set up the webcam to sit in the firewall DMZ. With proper firewall configuration, then yes, such a setup should work.
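
A DMZ layout of the kind discussed in this thread, as an added example that is not part of either post or taken from the poster's firewall. It assumes ASA 8.2-or-earlier syntax (`static` NAT), a webcam serving HTTP on TCP 80, and constructed addresses: 198.51.100.10 as the public IP, 192.168.50.0/24 for the DMZ, 10.0.0.0/24 for the inside LAN; the interface name and ACL names are also assumptions.

```cisco
! Constructed example: all addresses, interface and ACL names are placeholders.
! Third port becomes a DMZ, between outside (0) and inside (100).
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
 no shutdown
!
! One-to-one translation: public 198.51.100.10 <-> webcam 192.168.50.10
static (dmz,outside) 198.51.100.10 192.168.50.10 netmask 255.255.255.255
!
! Inbound from the Internet: allow only the webcam's service port,
! addressed to the translated (public) IP. Add this entry to the ACL
! already bound to the outside interface rather than binding a new one.
access-list outside_in extended permit tcp any host 198.51.100.10 eq www
!
! DMZ-originated traffic: once an ACL is applied to the dmz interface the
! implicit security-level behaviour no longer protects the inside LAN,
! so deny the inside subnet explicitly before permitting anything else.
access-list dmz_in extended deny ip 192.168.50.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list dmz_in extended permit ip 192.168.50.0 255.255.255.0 any
access-group dmz_in in interface dmz
```

On ASA 8.3 and later the `static` line is replaced by object NAT, and the outside ACL references the webcam's real (private) address instead of the public one.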