Cisco Firewall :: Keep 2 Networks Separate On ASA 5505

May 7, 2012

1. I currently have a Comcast Business Class Gateway, Cisco 2100 Series WLAN Controller and a Cisco ASA 5505 all connected together to supply LAN and WLAN internet connections on my network.
 
2.  I also have a Card Access Security System on it owns network.  It currently does not have internet access.
 
I would like to put my security system on the internet so that I can support it remotely.  To do this, it has to be on a firewalled internet connection.Can  I put the two networks on my ASA 5505 and keep them seperate?  I don't want to provide a path into the Security System through my current LAN & WLAN.  But I do need a frewalled internet connection on my Security System.  I am trying to avoid purchasing a seperate firewall.

View 1 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5505-ISP Providing DHCP And Separate IP Block

Mar 12, 2011

I have a ASA 5505 that I have been using for a while, but a new ISP is trying to configure my service so that the outside interface has to be configured as DHCP to receive a reserved IP address, and then they will route a separate, non-contiguous block of addresses to that address.
 
Essentially, they have a DHCP reservation for 1.2.3.4 for my ASA, and then they have 10.2.3.16/28 as a separate block routed to me.
 
Obviously, I can do my static NAT translations using outside as the address, but I cannot get the separate block of addresses to route through the ASA. Is there a way to do this and get them to work? My ASA is running 7.2(2)

View 3 Replies View Related

Cisco Firewall :: Multiple WAN IPs Routed To Separate Internal VLANs On ASA 5505

May 25, 2011

I have an ASA 5505 with the security plus software and I'm trying to find out how to assign 2 public IPs to the outside interface and have each IP routed to a separate internal VLAN. For example, IP 1 = X.X.X.1 routed to 192.168.1.0 and IP 2 X.X.X.2 routed to 192.168.2.0. I was told this was possible and I've been trying to find configuration examples, but I can't seem to get anywhere and now I'm getting desperate because I'm scheduled to install it this weekend.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 With Dual ISP And 2 Networks

May 7, 2013

I would like to configure a Cisco ASA 5505 with Dual ISP (ISP 1 and  ISP2) and two networks (network 1 and network 2). My customer need that  clients in the network 1 connect to Internet with ISP1 and clients in  the network 2 connect with ISP2. If a failure occurs in ISP1 (just an  example) the network 1 clients connect with ISP2.

View 10 Replies View Related

Cisco Firewall :: 5505 PAT Between 2 Networks On Same Interface

Nov 6, 2011

I'm using asa 5505 with 8.4(2) and have the following problem.I have 2 Networks. each Network has it's own externel Internet-Ip and also Mail-Server.
[code]

Now I want a communication between the two Mailservers with their external Ip-Address.I did a static NAT from ipnt any to int any or also from int routed to int routed, but nothing worked.Packet tracer showed at NAT-Lookup where the externel adress of the second Mailserver is passed: Info Static translate Network1 to Network1
 
But it should show a translation from network1 to network1-external.Due to Security reasons, I cannot paste the whole config.Under 8.0 I did the same configuration with Policy-Nat and it worked.

View 1 Replies View Related

Two Separate Networks On One PC?

May 1, 2011

I have 2 PCs at home. Lets name one of them as PC 1 which has two onboard LAN Ports. Now, PC1 has to connect to PC 2, just a home network for easy transfer on files and stuff, and it also has to connect to the internet via a network. The problem is both of them use static ip and when I tried configuring PC 1, it allows only one of the connections to remain active. I simply get an error otherwise saying "Multiple Gateways" will cause conflict and I will be stuck with only one connection. After much study I "somehow" connected both. I vaguely remember using the "route" command in cmd to achieve this. But now, I am getting an error when I try to access PC 2. My Internet is working fine.I am not network savvy at all. run both these connections from PC 1. I should add that I can in no way modify/change/or do anything else to my internet network since it is out of my control. I can do anything, however, for my Home Lan with PC 2. I run windows 7. Both the connections are wired, by the way.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - Allowing Multiple Networks On DMZ?

May 22, 2011

I have 3 networks coming on DMZ (VPN) interface. Only one network is able to ping the DMZ interface. See below networks coming i on the DMZ.
 
10.132.24.0/2410.132.25.0/2410.132.26.0/24 Only the 10.132.26.0/24 netork works as it is in the same range as the DMZ interface.
 
allowing the other two networks to communicate. I've attched the diagram and configs for your perusal.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - Setting Up 2 LAN Networks And 2 WAN Connections?

May 16, 2013

I have an ASA 5505 with Security Bundle license.
 
I am able to create 2 LAN networks (192.168.9.0 and 172.16.9.0) Vlan1 and Vlan12 respectively. I also setup 2 outside interfaces (outside1 and outside2).
 
Network 1 (192.168.9.0 - VLAN1) has no issues going out via Outside1, however I can't get Network 2 (172.16.9.0 - VLAN 12) to go thru outside2.
 
I put in a static route (route outside 172.16.9.0 255.255.255.0 x.x.x.x), the x.x.x.x is the default gateway of my ISP.                  

View 7 Replies View Related

Cisco Firewall :: ASA 5505 Routing Between Internal Networks

Feb 18, 2013

I am new to Cisco ASA and have been configuring my new firewall but one thing have been bothering. I cannot get internal networks and routing between them to work as I would like to. Goal is to set four networks and control access with ACL:s between those.
 
1. Outside
2. DMZ
3. ServerNet1
4. Inside
 
ASA version is 9.1 and i have been reading on two different ways on handling IP routing with this. NAT Exempt and not configuring NAT at all and letting normal IP routing to handle internal networks. No matter how I configure, with or without NAT I cannot get access from inside network to DMZ or from ServerNet1 to DMZ. Strange thing is that I can access services from DMZ to Inside and ServerNet1 if access list allows it. For instance DNS server is on Inside network and DMZ works great using it. [code]

View 13 Replies View Related

Cisco Firewall :: ASA 5505 Connecting 2 Internal Networks?

Nov 7, 2012

We recently changed locations and acquired a new circuit from our provider. They also connected our remote branch office to our main office through MPLS. Now, as I understand it, the branch office basically connects back to the main office through our providers network (MPLS). We have a new router at the branch office which has a gateway of 192.168.1.225. The clients in that office have IP's of 192.168.1.96 - 100, using the gateway of 192.168.1.225.
 
The main office network is 192.168.0.0 (Gateway of 192.168.0.1)
 
At this end (Main office), I also have a new Cisco 2900 provided by the ISP, with port 0/0 for the outside connection (connected to the 0 port on my ASA 5505). The ASA's port 1 obviously running into my network hub. The provider tells me that port 0/1 on the 2900 is or should be used to connect the branch office back to here and has an IP of 192.168.0.225, as that's how the provider provisioned it. So, I plug that into the ASA's Ethernet port 0/2. And I'm assuming they have a route setup either on the 2900 or the router in the branch office so that 192.168.1.225 can reach me here at 192.168.0.0.
 
There is already a static route setup on the ASA: (192.168.1.0 255.255.255.255 192.168.0.225 1). As soon as I plug in the cable, the IP phones at the branch office work, but they can't access the internet or any resources in the main office. My questions are:
 
1. Shouldn't I be able to just go straight from the 0/1 port on the Cisco 2900 to my hub. At first I was plugging right into the ASA, but I don't think I need to do that, why go from the branch office through my ASA to access resources and then back out the ASA for internet. If they're already coming from 192.168.1.225, through the MPLS network, then they should go right to my network and then back out the ASA.
 
2. They have to route through the ASA first, in which case, do I need to setup another VLAN for that branch network in conjunction with a static route? I can ping the router and hosts in the branch office through the ASA only!
                 
Below is the running sanitized config:
 
Result of the command: "show running-config"
: Saved:ASA Version 8.2(2) !hostname ciscoasadomain-name audiology.orgenable password ulzaQiFnKVzDwUmW encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.0.1 255.255.255.0 ospf cost 10!interface Vlan2nameif outsidesecurity-level 0ip address 1.2.3.4 255.255.255.240 ospf cost 10!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!boot system disk0:/asa822-k8.binftp mode passiveclock timezone EST -5clock summer-time EDT recurringdns server-group DefaultDNSdomain-name audiology.orgsame-security-traffic permit inter-interfacesame-security-traffic permit intra-interfaceaccess-list

[code]....

View 16 Replies View Related

Setting Up Two Separate Networks With One Isp?

Feb 5, 2012

I would like to set up two separate networks from one internet connection(modem), with the goal being to have a public network(Network A) that would have a small server on it, and then having a second secured network(Network B) that would have my personal computers on it. And both networks having connection to the internet. (The idea being that if the server somehow became compromised that my personal computers and their data would be safe)I have done some research and found that many people claim this can be done with just two or three routers, but none of them go into any detail about how to configure the routers. Below are the physical setups of the two options that I have come up with in my research, which if either would you recommend? And how would I configure each of the routers?

--------------
Modem/router 1 (Network A public)
--Internet-in WAN port
--port 1 to WAN of router 2-------------l
--port 2 server

[code]...

View 2 Replies View Related

1 PC Accessing Two Separate Networks?

Sep 12, 2012

I have two subnets at my home and both run through my Cisco router. One is my private LAN with access to the Internet, ie your standard home network. The other is a semi-public network that I share with friends through an encrypted GRE tunnel system(DMVPN) over the Internet. I have a server on that semi-public network and I can access my friend's servers from my server, but not from my main PC on my private network.

Is there a way I can access both networks from only my main pc using two nic's?

View 7 Replies View Related

Two Separate Networks On One DSL Modem?

Mar 29, 2012

how I can setup two separate networks on a Westell 327w modem/router. I know this question has been asked to death and I've utilized the search function, but I still don't know how to make this work. I have a computer that I plan on using for important business and my sibiling has my other computer that he uses for gaming and downloading stuff. His computer is connected wirelessly to the Westell 327w. My computer has no internet access at this point. I would like to have both connected wirelessly to the internet, but keep them completely separate and as secure as possible, as he downloads some questionable things.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Allowing Traffic Between Two Internal Networks

Aug 30, 2011

I'm usually not working with this product, but this is what I'm trying to do.I have 2 internal networks setup on our Cisco ASA 5505 firewall. (not done by me, I'm a new to this product)I'm trying to access a server on one network from a PC located on the other internal network. (preferable through the web gui)When I try "Packet Tracer" from interface "Trust4" it fails on the NAT phase.(Source ip: 10.0.4.99, Destination ip: 10.0.6.99)
When I check the NAT rule, it says:
Type            Source     Interface    AddressDynamic         any          outside      outside.

View 3 Replies View Related

Cisco Firewall :: 5505 - ASA Install Inside Networks Can't Browse Each Other

May 19, 2011

I just installed a new ASA 5505 for an office with three internal subnets.  The three networks can each get online fine and ping eachother, but cannot browse to shares on the two internal networks other than their own.  How do I configure the ASA to allow all traffic between these three inside networks?
 
192.168.152.0
192.168.152.0
192.168.154.0
 
[code]....

View 21 Replies View Related

Access The Devices Of Two Separate Networks?

Apr 26, 2011

I have two separate network with their own internet access as shown below I want to keep all setting of the left network unchanged. I can change the IPs and setting of the right side network.I want to be able to access all devices of the two network from my computer but in the same time the two network work as usual with no problems ( the same when they are sperate).One option is to set the LAN of modem 2 to 192.168.2.2 and connect one of the LAN port to LAN port of the Mkrotik router. Set the WAN of my private home router as

IP: 192.168.2.100
subnet mask: 255.255.255.0
gateway: 192.168.2.2
Home router LAN: 192.168.3.1

Is their another method to connect the two network and keep the same setting for the network on the left side?

View 2 Replies View Related

How To Make Two Separate Networks On One Connection

Feb 9, 2012

I am trying to make 2 COMPLETELY seperate networks with only 1 internet connection. We have routers, switches and all that. But we need to know how to set it all up. there are 2 companies in the same office, each company needs their own network at which they can view eachothers files but in no way view the other networks files.

View 1 Replies View Related

Setting Up Separate Networks With VLAN

Oct 3, 2012

I'm new at this stuff and very stumped. I have one WAP with multiple SSIDs that support VLAN ID (for a private and guest wireless network) and a managed switch that supports tag or port based VLAN ID. How do I set up the switch so that the networks are separate, but can still reach their own routers to get on the Internet? In case details are necessary, the WAP is a Cisco Aironet 1130AG and the switch is a Netgear FS750T2

View 14 Replies View Related

Two Separate Networks On One Cable Modem

Feb 5, 2012

We are a small office currently running a regular network (9 wired, 2 wireless) and also using the "guest" feature (7 wireless) on a Linksys E2000. We have a switch to connect our wired equipment to the E2000. If "A" is our regular network, and "B" is our guest network, is it possible to have 2 routers on 1 cable modem and still prevent network "A" from seeing Network "B" and vice versa?? We are looking to do this because we will soon be exceeding the maximum guest users (10) allowed by the E2000. We have another Linksys router in storage, I think it is a WRT54G, that we would use if this is possible.

View 1 Replies View Related

How To Connect 2 Routers - No Separate Networks

Mar 3, 2013

I want to connect 2 routers like this picture.No need to have it as separate networks.

View 3 Replies View Related

Cisco Routers :: Vlans On R180W To Separate Networks?

Jan 29, 2013

I have a network set up between two buildings.  Each building has its own internet connection and DHCP server, building A using an RV180W router and building B using a linksys product.  A WDS bridge has been set up between the two buildings using two wireless access points.The goal here is to allow clients in either building to be assigned an IP from their respective DHCP server (and thereby use that building's internet connection), yet still access network resources (eg file storage, printer, etc.) in the other building should the need arise.I have tried to set this up by having the RV180 assign IP's in the range 192.168.0.xxx to its clients in building A, and the linksys to assign IP's in the range 192.168.1.xxx in building B.  I have enabled Vlan 1 and Vlan 2 on the RV180 - vlan 1 runs a DHCP server for building A.  Vlan 2 runs no DHCP server and is directly connected to the WDS bridge to building B.  Inter Vlan routing is enabled on both Vlan 1 and Vlan 2.On the WDS bridge modules, ive assigned both static IP's in the 192.168.1.xxx range (vlan 2 range).  I've specified their dns and default gateway as 192.168.1.2 which is the static address for the RV180 in vlan 2.From a PC in vlan 1, I can ping and access the webgui for the WDS bridge modules which are in Vlan 2.  However, i cannot ping any other computer in Vlan 2 which is set to accept a dynamic IP from the DHCP server operating in Building B.  I assume this is because the WDS modules point to the RV180 as their default gateway and dns server, while the clients that have accepted a dynamic IP from the building B DHCP point to that device as their default gateway and DNS.I am considering trying changing the DNS and default gateway on the building B side of the WDS bridge to the building B values to see if that works, but am concerned i would lose all connectivity to the webgui from building A if i do that. 

View 7 Replies View Related

Cisco Routers :: RV180W And Two Completely Separate Networks

Aug 15, 2012

I'm an architect working in a small office that happens to be home to two seperate businesses, each with their owner network.  However, these two networks want to use the same large format printer.  I recently purchased the RV180W since the Cisco representative told me i would be able to connect both networks to the router so they can both see the printer without seeing the files on each of the other networks.  We simply want to share the same printer.
 
Network 1:
192.168.4.1
 
Network 2
192.168.2.1
 
Large Format Printer
192.168.4.151
 
Network 1 has the RV180W as it's router with three gigabit switches.  Computers and peripherals are connected to the three switches.  1 port open on the last switch.
 
I want to configure the RV180W to see both 192.168.4.1 and 192.168.2.1
 
What settings need to be modifed in order to accomplish this?  Do I need more equipment?  Is it easier to put a wireless card in one of the computers on the 192.168.2.1 network and then set it to see the 192.168.4.1 network?

View 3 Replies View Related

Cisco Switches :: SG300 Switch 2 Separate Networks

Sep 1, 2011

We have 2 separate networks here, 1 for data (192.168.0.x) and 1 for VOIP phones (192.168.3.x).
 
I need them to both be connected to different ports on a switch (Cisco SG 300 10 port managed switch) which is then linked to another switch (Cisco Catalyst 2960 48 port switch). Then on this 2960 switch I want the link to be split back into the 2 separate networks. I think that I need to create 2 separate VLANs and assign them to different ports.

View 2 Replies View Related

Why Should Wireless And Wired Networks Be On Separate Subnets

Oct 24, 2011

With traditional classful subnetting, the same number of host bits is used to designate the subnet ID for all the resulting subnetworks. This type of subnetting always results in a fixed number of subnets and a fixed number of hosts per subnet. For this reason, this is known as fixed-length subnetting. The decision about how many host bits to use for the subnet ID is a big planning decision. There are two considerations when planning subnets: the number of hosts on each network, and the number of individual local networks needed. The table for the subnet possibilities for the 192.168.1.0 network shows how the selection of a number of bits for the subnet ID affects both the number of possible subnets and the number of hosts that can be in each subnet. One thing to keep in mind is that in all IPv4 networks, two host addresses are reserved: the all-0s and the all-1s. An address with all 0s in the host portion of the address is an invalid host address and usually refers to the entire network or subnetwork. An address with all 1s in the host portion is used as the local network broadcast address. When a network is subnetted, each subnet contains an all-0s and an all-1s host address that cannot be used for individual host addresses.

View 2 Replies View Related

Share Internet Access Between Two Separate Networks?

Oct 20, 2011

I want to share one broadband connection between network A 192.168.1.xxx and network B 192.168.0.xxx. Network A is SBS 2008 while B is Linux with static IPs.

View 5 Replies View Related

DIR 655 - Connecting Two Routers Together And Keeping Networks Separate

Jul 31, 2012

I have two dir655 routers that are connected. The second router is not setup as a wireless access point, but I am open to that if it will work. The second one is going to serve as a public wifi in a business, with a separate SSID. The first one is going to handle the local business network, with its NAS and printers. How would I prevent the public wifi from accessing the first router?

I have tried the guest wifi partition setting, however it still allows access to the lan devices on the first router. It does partition with the second router properly though, but thats not worth anything to me cause there are no lan devices on the 2nd router.

Would it work right if I turn the 2nd router into a access point, disable the dhcp server, and set it up with the guest wifi partition?

View 19 Replies View Related

Cisco Switches :: ESW-520 / Setting Up Two Separate Networks With Access To Shared Resources?

Jan 19, 2013

We have a two separate businesses in the same building who will both need access to shared resources and the same internet connection. They will need to remain on separate subnets and cannot communicate directly to each other. The current switch is a Cisco ESW-520-48P and we are looking at purchasing an SG-300-20P for the new business moving in. Heres how we envisage setting it up:
 
ESW-520 will host Company A's network. Workstations, servers etcSG-300 will have two VLANS. VLAN1 will host all Company B's network. Workstations, servers etc. VLAN2 will host the shared resources such as printers. The internet gateway is a UNIX based system with 3 NICS. 2 NICS are taken up by ADSL connections while the other NIC is the LAN, which would connect to VLAN2 on the SG-300. We would like to define which ADSL connection to route through depending on which subnet traffic is originating. The ESW-520 will need access to the shared resources and internet gateway on VLAN2 on the SG-300. 

View 4 Replies View Related

Linksys Wireless Router :: E2000 Separate Networks On One Modem / Two Routers

Feb 27, 2012

Using a Linksys E2000 and Linksys WRT54GL (both flashed to most recent firmware), I am trying to set up Network "A" and Network "B" on one modem. I do not want either A or B to be able to see each other for security purposes. Both are secured networks for the wireless connections and have different SSIDs.
 
After online research, and the inability to find my exact question answered, this is what I did and I'd like to know if I'm missing anything to keep A and B completely separate. Or, if I've done anything that will cause any problems on my network. [code]
 
I disabled the ability to change settings using wireless connection on both routers.

View 9 Replies View Related

Two Routers (cisco E1200 / Dlink Dsl 2750b) Separate Wifi Networks - One Internet Connection?

Dec 12, 2012

I am trying to set up two routers so that I can offer free wireless connectivity via three AP's in three adjoining rooms on a first floor and secured wireless and wired network connectivity in upstairs offices. The setup is like this:

Verizon DSL connectivity..static IP

The gateway modem/router is a Verizon DLink DSL 2750B with three ports connecting to three wired Access Points in three first floor adjoining rooms, and the 4th port connecting to a Cisco E1200 (wireless and ethernet router) located next to the Verizon Dlink. I would like the Verizon DLink to give open wireless connectivity via the access points and also connect to the adjacent E1200 router.

I would like the Cisco E1200 to offer secured wireless and ethernet connectivity to the upstairs offices. (connecterd to the Cisco E1200 is a 24 port Netgear switch.)I have spent considerable time talking with Verizon and Cisco/Linksys but have not been successful in just how to set this up.A former tech actually did have this setup but for what ever reason the settings were reset to factory defaults with no written record as to the necessary settings.

View 4 Replies View Related

Cisco VPN :: How To Separate W-Fi And LAN With ASA 5505

Dec 12, 2012

We have CISCO ASA 5505 in our office , right now port 0 has configured for outside and port 1 for inside (I believe it is the default configurations) now for security reason I want to separate the Network traffic from inside (office LAN) and WIFI , I believe since i have 6 ports in vlan1 (inside) if I make the port which has the connecting to our switch and the port which i m going to connect to my wireless router (same vlan1)  protected / isolated then this should work ,  but here is what is happening , the minute I save the configurations port 3 which is supposed to be my wifi port will lose its connection to the Internet.
 
i tried to make another vlan for wifi to separate the trafic from vlan1 , but I m not getting internet connection on that port which is been assigned to new vlan for wifi.

View 5 Replies View Related

Cisco VPN :: Setup Two Separate IPSec VPNs On ASA 5505

May 12, 2013

I'm having trouble setting up a second IPSec VPN tunnel on my Cisco ASA 5505 to another office. I was able to setup the first one with no problem through the ASDM, but have not been able to get the second one up.The IPSec tunnel is connecting to a WRVS4400N router at the other office. I tried debugging crypto isakmp, and crypto ipsec, but I'm getting nothing. Below is the config. Does something look wrong on my end? I also attached a screenshot of the parameters setup on the remote router.

View 7 Replies View Related

Cisco VPN :: 5505 LAN-To-LAN VPN With Multiple Networks

Sep 20, 2011

I currently have a hub-and-spoke VPN configuration with 6 ASA 5505's at remote sites all connected to an ASA 5510 at HQ via IPSEC lan-to-lan tunnels. My current configuration allows hosts on the remote site networks to talk to hosts on the HQ network, but not to hosts on the other remote sites.I have receieved a request to allow comminucation between the remote sites as well, with traffic all routed through the 5510 at HQ.

View 1 Replies View Related

Cisco Switching/Routing :: ASA 5505 Two Networks

Jan 7, 2012

I'm fairly new to cisco and the  ASA 5505 I have the asa connected to the internet on 0/0 I have a computer connected to port 1 and on port 2 I have a netgear router. the asa is 192.168.1.1 and the netgear router is 10.1.5.1  I cannot get the computer connected to the asa to communicate with the devices on the netgear router and visa versa. Here is the show version.
 
ASA Version 8.0(4)!hostname ciscoasaenable password Yn8Esq3NcXIHL35v encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address dhcp setroute!interface Ethernet0/0switchport access vlan 2!interface (code)

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved