
HELLFIRE

join:2009-11-25
kudos:7

reply to mbruno

Re: [Config] Cisco ASA 5505

5505 can't do multiple contexts, so you're looking at a 5510 minimum.

said by mbruno:

What I would like to do is segment the network so each lab has its own sub network to work from to keep all the labs separate.

Would LAB1 be able to talk to LAB2 and LAB3, LAB2 to LAB1 and LAB3, and so forth? If not, an alternative to try would be to drop the 3 labs into different VLANs but the same security level, and use no same-security-traffic permit intra-interface so that interfaces in the same sec level cannot talk to one another.

said by mbruno:

On top of this I want to be able to do one to one static mapping.

Static NATs are doable, just don't ask me how to do them in 8.3 and up... one word, UUUUUUUUUUGLY!!!!

My 00000010bits

Regards

aryoba
Premium,MVM
join:2002-08-22
kudos:3

said by HELLFIRE:

said by mbruno:

On top of this I want to be able to do one to one static mapping.

Static NATs are doable, just don't ask me how to do them in 8.3 and up... one word, UUUUUUUUUUGLY!!!!

It is not ugly; rather, related commands are consolidated.

You'll get used to the new command at some point.

mbruno

join:2003-07-03
Fruitland, MD

reply to HELLFIRE
I do want the labs to be able to talk to one another, but just not use the IP space from the other labs. As with most users you can tell them until you are blue in the face of what sub-net and gateway to use but they still muck it up. I know what you are thinking, I can't stop the users from changing the IP address since it's a lab. To throw salt into the wound, management will not hold them accountable for anything. It is like the wild west at times working as a contractor for the government.

I guess the other thing I could do is buy an ASA5505 for each lab with the security pack. We are looking at three, maybe four units. That way even if they try to use someone else's IP space they can't!


aryoba
Premium,MVM
join:2002-08-22
kudos:3

Unless the lab is a separated network and "not sharing" the production network IP scheme, anything that happens in the lab stays in the lab.

Buying additional firewalls won't stop a situation of an overlapping IP scheme though.
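
An added example, not part of any post in this thread and not a participant's configuration: a constructed ASA 8.3+ fragment for the setup discussed above, with each lab on its own VLAN at the same security level and a one-to-one static NAT in the object form. Interface names, VLAN IDs and addresses are placeholders, and four VLANs on a 5505 assumes the Security Plus license.

```cisco
! Constructed example for ASA 8.3+ on a 5505.
! All names, VLAN IDs and addresses are placeholders (RFC 1918 / RFC 5737).
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface Vlan10
 nameif lab1
 security-level 50
 ip address 10.10.1.1 255.255.255.0
!
interface Vlan20
 nameif lab2
 security-level 50
 ip address 10.10.2.1 255.255.255.0
!
interface Vlan30
 nameif lab3
 security-level 50
 ip address 10.10.3.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
 switchport access vlan 10
interface Ethernet0/2
 switchport access vlan 20
interface Ethernet0/3
 switchport access vlan 30
!
! The labs share a security level; this line lets them reach each other.
! Leave it out (the default) to keep same-level interfaces isolated.
same-security-traffic permit inter-interface
!
! One-to-one static NAT, 8.3+ object form: the NAT rule lives inside the object.
object network LAB1-HOST
 host 10.10.1.10
 nat (lab1,outside) static 203.0.113.10
!
! Pre-8.3 equivalent, for comparison only (rejected on 8.3+):
!   static (lab1,outside) 203.0.113.10 10.10.1.10 netmask 255.255.255.255
!
! From 8.3 on, interface ACLs match the real (untranslated) address.
access-list OUTSIDE-IN extended permit tcp any object LAB1-HOST eq 443
access-group OUTSIDE-IN in interface outside
```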

