I still missing the NAT configuration but i will leave it right now because i will not be able to configue the asa till next thursday. the routers (192.168.1.250 & 172.50.1.250) are inside the head office connected to the same switch as the work stations
connections to branches go trough seperate dedicated lines. Thank you so much for the detailed explantion!ġ. Hope that's clearer - sorry for my bad in not reading your original post properly. You'll need to do NAT for Internet access, and NAT exemptions for connecting to your remote sites, but that's your basic layout on what you've drawn - with one minor change, which is your 'inside' IP range. Interface f0/3, nameif outside, IP adress whatever works with your Internet router. Are they dedicated links? And are the IP addresses you quote at your head office end, or the remote end?Įxtrapolating a bit, I'd go for a config something like this. Still need to know how you connect to those remote sites, though. Which means you're going to need to change the inside configurations (in your head office) so you don't get an overlapping IP range. Whups, I just re-read your original and saw the bit about not being able to change the configuration of the ISP routers. You'll also have to make sure the router at site 2 has a route (either a default or subnet-specific) route back to the asa - something like My example assumes you have a nameif of "site2" on the interface connected to the link to site 2, configured with an IP address of 192.168.20.1/30 and that you change the link IP address of the router at the other end to 192.168.20.2/30. If you have separate links, and assuming one link is conencted to each port, routing is pretty simple - just add statements similar to the following to your configuration Also, I'd use a smaller subnet on the link to branch #1 - you're using an IP address in a range of 65536, which makes it a bit awkward to route - I usually use a /30 on point to point links (or a /29 if HSRP or redundancy is required).ĭo you have separate links to site #1 and site #2, or are they VPN's out the DSL service? Your drawing looks like you have separate links, but it's difficult to be sure.
You have 192.168.1.0/24 inside your firewall, and 192.168.1.250 as the remoter router IP at branch #2 - this will be pretty difficult to route via your ASA as the IP adderss ranges overlap inside and outside, and the ASA won't like it. Mine crashed with a reply already half written - oh well, here we go again.įirst thing I'd look at is changing your IP addressing scheme if possible. but i cannot change the configurations of the isp's routers.ĭamn, I hate web browsers. Note: the isps' routers placed in head office. How do i configure the new asa 5505 to be as a router as shown in the diagram I am totaly newbie to cisco routing, but i have some basic knowledge about routing
0 kommentar(er)
