Cisco Switching/Routing :: Subnetting On ASA 5505
Apr 5, 2012
We currently use the ASA 5505 router. We would like to create another subnet inside our LAN because we are running out of IP addresses.
Current subnet info:
subnet: 10.1.1.X
subnet mask: 255.255.255.0
gateway: 10.1.1.251
We want to make another subnet, which we plan to use for all our network printers for now (other use in the future). PCs at 10.1.1.X will be able to print on the new subnet. The new subnet will be able to connect to the internet.
What are the best options for the subnetting? How can we configure the router? Is it possible to set up another DHCP on the new subnet? We currently have one DHCP on the 10.1.1.X.
Dec 13, 2011
I am looking at an old exercise I did last year about subnetting and I am wondering if it is possible to subnet:
198.18.9.1 /22
I wrote down, last year, that:
16 bits are assigned to network
6 to subnet
10 to hosts
when actually I see a class C IP address with 10 bits assigned to hosts. So, how many bits do I have for network, subnet and hosts?
Dec 8, 2012
I am currently trying to understand subnetting via CCNA. My progress is going well; I understand the classes below:
Class A 0-127 Max IP 2^24 = 16777216
Class B 128-191 Max IP 2^16 = 65536
Class C 192-223 Max IP 2^8 = 256
However, I have seen an example from an IP calculator website, and noticed this:
Address: 192.168.1.0 11000000.10101000 .00000001.00000000
Netmask: 255.255.0.0 = 16 11111111.11111111 .00000000.00000000
Wildcard: 0.0.255.255 00000000.00000000 .11111111.11111111
=>
Network: 192.168.0.0/16 11000000.10101000 .00000000.00000000 (Class C) - I would have thought this would have been Class B?
Broadcast: 192.168.255.255 11000000.10101000 .11111111.11111111
HostMin: 192.168.0.1 11000000.10101000 .00000000.00000001
HostMax: 192.168.255.254 11000000.10101000 .11111111.11111110
Hosts/Net: 65534 (Private Internet)
Is this an invalid IP/mask, as the max hosts is 65534 (which should be class B?). If so, shouldn't the IP address range from 128-191, e.g. 172.16? (I know that CIDR is the amount of 1's.) What calculates the class: is it the netmask or the range of the first octet?
Feb 29, 2012
Why isn't it possible to make following configuration:
Jun 1, 2011
You can subnet to meet the number of networks required, or you can subnet to meet the number of hosts required. In which circumstances would you use either one? Or are they both the same? I am kind of confused. Is subnetting according to the number of hosts VLSM? And subnetting according to the number of networks required is not VLSM subnetting? Also, I'm on CCNA 1 chapter 6, if the other CCNA 2, 3 and 4 have chapters explaining subnetting better, because it's totally confusing me at the moment. Also, is my understanding correct: when a company wants a LAN made, a network designer sees how many hosts they require in each of their LANs and then chooses an appropriate address class and subnets it? And to connect the LAN to the internet he implements NAT on the router that connects to the internet, and that router translates the internal addressing scheme that was created into a public registered IP address from an ISP? Also, does he just make the address up? For example, if he decides to use class C, he just picks any random number in the class C range and subnets it?
Jan 11, 2012
Given the IP address of 172.16.10.22 and the network mask of 255.255.255.240... answer the following:
What is the network address?
What is the broadcast address?
What is the valid host IP range?
What I have done so far:
Part 1 - Broadcast address
172.16.10.22 - 10101100.00010000.00001010.00010110
255.255.255.240 - 11111111.11111111.11111111.11110000
Researching different ways to find the Broadcast address I took the binary IP address and replaced all numbers with 1's for the host bits identified in the subnet mask and came up with:
172.16.10.31 - 10101100.00010000.00001010.00011111
Is that the correct Broadcast address?
Part 2 - Network address
I am not sure what is meant by the network address and all my research has come up with either MAC addresses (obviously wrong) or CIDR notation...How do I calculate the network address?
Part 3 - List of valid IP's
Using the same address 172.16.10.22/28 I did the following:
28 is closest to 32 (block wise) so 32 - 28 = 4... 2 ^ 4 = 16 (block size)
IP address listing:
172.16.0.0
172.16.16.0
172.16.32.0
172.16.48.0
172.16.64.0
and so on...
The IP address in question is 172.16.10.22 and falls in the 172.16.0.0 - 172.16.15.0 block...
Is this the correct list of valid IPs?
Jun 15, 2012
We are setting up a test lab in our DMZ. The path to the internet is basically like this. Anything past the firewall is irrelevant. For this lab let's assume it is VLAN 300.
LAB SW ---> DMZ-SW ---> ASA FW ---> INTERNET
LAB IP Range = 172.16.300.0 /24
GW = 172.16.300.1 (On FW int)
Trunked all the way through.
I have an int vlan set up on the LAB SW. It is being trunked to DMZ SW. DMZ trunks it to ASA FW where there is a failover with a redundant switch. On the ASA the interface 0/2 is a subinterface 0/2.300 being used as the default gateway.
I have DHCP running in a specific range on the LAB SW and do get an IP address when plugged in. I cannot ping the default gateway on the ASA FW. The GW is defined using default-router command for 172.16.300.1 i.e. default-router 172.16.300.1?
We are running OSPF on the firewall. There appears to be a pattern with OSPF and a similar subnet setup elsewhere. I was wondering, based off of this info, would configuring OSPF for 172.16.300.0/24 allow me to ping the GW from a client on the LAB SW. Secondly, I trunked 300 on the DMZ SW but I didn't add the VLAN to the configuration, i.e. conf t <enter> vlan 300 <enter>. Does this really matter? Or does having the VLAN in the configuration only pertain to access mode on interfaces?
Sep 16, 2012
I have a slew of 106001 messages coming into the ASA log, from the outside interface. It appears like most of them are for standard traffic, such as TCP 80/443. I suspect these messages are from clients on the inside who have initiated connections to the internet, but then the client abruptly terminates the application or something similar. Server side finally issues a close connection, reset or something else. Here is an example, with the ASA address being 1.1.1.195 (changed to protect the innocent).
Another theory is that the NAT ip for clients is different than the actual interface IP, so that is behaving differently. For example, once the xlate times out, the IP used for the xlate is no longer active and any return packets to the interface would also error out - be refused. If the xlate was using the interface IP, that it would always respond in some way?
I can bump 106001 down to notification (5) or informational (6) level.
Feb 15, 2013
We have two Cisco 5505 firewalls connecting to two ISPs. The two internal LANs on the firewalls are 192.168.184.0/24 & 192.168.186.0/24. We also have a Cisco C3560x layer 3 switch with VLAN interfaces 184.3 & 186.3. We have two DGS-3100 D-Link layer 2 switches connecting our users to the layer 3. IP routing is enabled for inter-VLAN communication & I can reach the switch interfaces & firewall gateways from machines on both of the VLANs. We have PBR enabled on the 3560 & users only on the .186 network can get to the internet. The switch is running the ipservices license & the SDM template is "desktop routing".
Users on the .184 cannot access the internet but we can ping the layer3 interface & the firewall gateway. [code]
Jun 18, 2012
I am in the process of acquiring a static IP address from my ISP, Time Warner. I only want to pay for a single static, but I have a number of machines I want to put on the internet, a web server and an e-mail server. Using a Cisco router, a Cisco RV 120W, can I assign the static IP address my ISP gave me to the RV 120W and then create a VLAN to assign addresses to various computers? Or is this something my ISP does? I get the impression from the tech guy at Time Warner that this is something they do.
Apr 10, 2012
I want to subnet my network to increase performance but I'm a little confused here. When looking at my ROUTER STATUS this is what I have.
INTERNET PORT
IP Address XX.XX.XXX.XX
gateway ip XX.XX.X.X
XX.XXX.XXX.XX
LAN PORT
ip address xxx.xxx.x.x
Which one of these IP addresses do I have to subnet? My router is a NETGEAR N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 Wireless router - 4-port switch (integrated) - EN, Fast EN, Gigabit EN, IEEE 802.11b, IEEE 802.11a, IEEE 802.11g, IEEE 802.11n.
Dec 5, 2011
How do I configure the new ASA 5505 to be a router as shown in the diagram? Note: the ISPs' routers are placed in head office, but I cannot change the configurations of the ISPs' routers.
Dec 3, 2011
The ASA 5505 is at head office. Is it possible to configure it as a router from head office to branches 1, 2 and the internet? [code]
Jan 7, 2012
I'm fairly new to Cisco and the ASA 5505. I have the ASA connected to the internet on 0/0. I have a computer connected to port 1, and on port 2 I have a Netgear router. The ASA is 192.168.1.1 and the Netgear router is 10.1.5.1. I cannot get the computer connected to the ASA to communicate with the devices on the Netgear router and vice versa. Here is the show version.
ASA Version 8.0(4)
!
hostname ciscoasa
enable password Yn8Esq3NcXIHL35v encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface (code)
May 7, 2012
I have recently inherited a few networking responsibilities in an SMB network. Nothing overly complicated. Here's my issue, there is an ASA 5505 used for VPN and in the near future a DMZ. I can connect via the console but I'd rather use ASDM. The problem is that I can't get it to connect. VLAN 1 (Inside) has an address of 192.168.200.254. This is in ethernet 0/0. I have a laptop plugged into ethernet 0/4 and the laptop has an address on the same x.x.200 VLAN. I can ping the VLAN1 address, but I can't use http://192.168.200.254/admin to get to ASDM.
How can I do this? What should I check? Can the internal webserver that hosts the ASDM be turned off?
Aug 19, 2012
My ASA 5505 just woke up one day and didn't allow me to log in to it with ASDM. I can console in, though, but telnet, SSH and ASDM will not work. It just times out.
Apr 23, 2013
On the downloads page there's a 9.0.2.ED listed as the 'latest', but then if I expand the '9' below it I get to 9.1.1.ED. Which one is the actual latest? Is there any way to tell the one that is not an 'interim' version? I think 9.1.1 is also listed under interim?
Jun 24, 2012
I am interested in learning and setting up VPN IPSec with Cisco ASA 5505. I've managed to successfully set up VPN and can connect to it from outside and browse securely to the outside/internet via tunnel. However, once I am connected to VPN, I cannot access any of my internal hosts/servers via VPN client. I am wondering if it's a missing ACL/NAT...
ASA Version 8.2(5)
!
hostname ciscoasa
enable password xxxxxxxxxxx encrypted
passwd xxxxxxxxx encrypted
names
[code]....
Jan 19, 2012
I have configured my network infrastructure with the ASA5505 as in the image. I want my users from LAN 10.13.10.0/24 to be able to access my LAN 192.168.0.0/24. Can I use just routing or must I use site-to-site VPN? How can I do it? How do I configure my ASA 5505? On my LAN1 there's DHCP. On the LAN side of my ASA5505 I must disable DHCP. In my LAN1 I have DNS and a Domain Controller. The users from my LAN3 need to access LAN1 because of authentication and access to resources and programs. I attached my picture with the configuration.
Oct 18, 2011
I have a 2960 L2 switch connected to the ASA 5505. For some reason or other I am not able to do inter-VLAN communication. I have done trunk mode on both ends, on the switch as well as on the ASA, with native VLAN 1 allowed. The trunk is up/up. I am able to ping only the VLAN 1 IP from the switch to the ASA; for VLAN 2 I am not, and similarly for VLAN 3.
config on the ASA
ASA Version 8.2(1)
!
hostname ciscoasa
[Code].....
Jul 30, 2012
We have two sites: 192.168.100.x and 192.168.101.x currently connected via IPsec VPN. On each end we have a Cisco ASA 5505. However, each site also has an MPLS VPN with intentions to move all traffic to this link. Will this work on the ASA? We need to make sure traffic can hit the ASA @ site A on the inside interface and traffic will forward to the MPLS VPN router which then handles the traffic. Also, will it cause any problems in bi-directional flow between the two sites?
Feb 25, 2013
I have seen this on 4 ASA devices: On devices running older versions than 8.4(5) it is possible to update to 9.1.1, but after updating to 8.4(5) the device tells me that "There are no upgrades available, your system is up to date" when I "Check for ASA/ASDM updates". I downgraded one device to 8.4.4 and tried to upgrade to 9.1.1 but the update was unsuccessful (could not boot).
May 10, 2012
Networking is not my gig, but it has to be at this very moment. We have an ASA 5505. Let me explain what's going on.
On Tuesday I wanted to be able to use the ASDM since there is less room for error. But we only had a console set up. So I ran the following commands...
in ($config)
http of course didn't do anything incomplete command
http 192.168.1.2 255.255.255.255 didn't anything incomplete command
http 192.168.200.254 255.255.255.255 inside
[Code]....
Everything started working after that. Everything worked fine all of Wednesday and Thursday. Then this morning it stopped processing again. When I traceroute it gets to the machine that is hooked up to the console and stops. So I'm guessing it's actually getting to the ASA router and being swallowed up again...
Apr 14, 2013
I have 2 VLANs with separate networks and want to create a route between one server in VLAN 465 to another server in VLAN 436 via port 80. Vlan 465 has an ASA 5505 inside that IP address 89.254.12.35 will be initiating the connection to address 10.200.1.213.
-Vlan 465: server address 10.200.1.213
-Vlan 436: server address 89.254.12.35
However for extended security I would like to restrict the firewall opening to an IP to IP opening.
Feb 21, 2012
I have a 3560X that is directly connected to an ASA 5505. I am seeing output drops on the 3560X interface that connects to the ASA. Below are the troubleshooting commands I have run, but I don't see any indication of what is causing the problem.
3560X
show run int gig 0/24
!
interface GigabitEthernet0/24
[Code]....
Dec 14, 2012
I have an ASA 5505 with Security Plus License. I have 5 static IP addresses from my ISP. I have the following interfaces: Outside (vlan 2) / Inside (vlan 1) / Guest (vlan 3). For my Vlan3 guest network I have set it up so that DNS must be routed through opendns.org's DNS servers (for web filtering, etc.). However, it's using the static IP that I have plugged into the ASA.
What I would like to accomplish is to put my inside interface (vlan1) on another static IP for outside access, if that's possible, so that I can route those clients through opendns.org, however giving them more web privileges than what the guest network is getting.
Dec 21, 2011
I need to backup my ASA 5505 configuration and restore it to default, then I'll configure manually the new config, but if something doesn't work I want to restore the backup made before.
I tried the "copy run tftp" command, and it always answers the same: Result of the command: "copy run tftp" [code] I read everywhere it's supposed to prompt asking me for the TFTP server address and file name.
May 23, 2013
I need to configure public and private wireless access using an ASA 5505 and an Aironet AIR-AP1041N-A-K9. I need to be able to do this via ASDM and http if at all possible. I simply do not have the time to learn hundreds of lines of arcane CLI code. The Aironet connects to the ASA successfully, and receives an IP. I can then connect to the AP wirelessly, but do not receive an IP. I have setup a second SSIDVLAN on the AP, and can't connect to it at all.
Nov 2, 2011
I recently removed a Catalyst 2950 switch, code version: c2950-i6q4l2-mz.121-13.EA1. I had an ASA 5505 connected as a switchport access to the 2950 on port 44. We will call the VLAN that the ASA sits on: VLAN 404. The 2950 had a trunk to our Catalyst 6509 distribution switch carrying that VLAN 404. We also have another VLAN for computers that sits on: VLAN 129; this is a standard DHCP VLAN and it accounted for the rest of the switchports. The 2950 also has this trunked to our 6509 distribution switch.
Everything was working fine with that setup. After replacing the 2950 with a 3560 we started running into problems. The 3560 was configured the same exact way as the 2950. What was happening is that computers that sat on VLAN 129 started experiencing packet loss and were unable to work. It's as though the ASA was taking over the switch.
Is there a protocol that is enabled by default on the 3560 that would do this?
Oct 7, 2012
I have a customer who has an ASA 5505 that is handling the routing for their internal network. They are running out of available IP addresses on their subnet 192.168.1.0/24. They have dumb switches that don't support multiple VLANs or trunking & they are only able to connect to one switchport on the ASA. He does not want to purchase any new equipment or rearrange their existing equipment at this time. The customer would like to statically assign IP addresses for 192.168.1.x & 192.168.2.x and have the ASA hand out DHCP addresses for 192.168.3.x addresses. The customer suggested configuring a super subnet. A 192.168.0.0/22 address scheme would provide an IP range 192.168.0.0 - 192.168.3.255 on a single VLAN. I know this is an unconventional way to set up an internal network & I will definitely advise the customer that this should only be considered as a temporary solution until they get more appropriate network equipment.
Oct 2, 2012
I'm trying to translate my inside network of 192.168.20.0 to my outside ISP address on ASA 5505. The ping from all hosts to 4.2.2.2 works, but it still only lets one address out to translate. My configuration is:
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
still doesn't work.
Sep 24, 2012
I inherited a Cisco ASA 5505 and am trying to piggy back the device off of an established Network. Here is the basic layout:
192.168.10.1 (Core Router - Handles DHCP/DNS)
192.168.10.9 (ASA 5505 - Piggy backing off of Network)
192.168.40.x (ASA 5505 - VLAN)
I'm able to get onto the Internet without any problems. Devices from the 192.168.10.x network cannot ping the inside VLAN1 (192.168.40.x). However, I would like traffic going from the inside VLAN to the outside VLAN to be blocked, except for 192.168.10.1 and 192.168.10.9. I've tried using ACLs but end up killing my Internet connection. 192.168.10.1 is the default route and is how I get out to the Internet. Is this possible? Essentially, I'm trying to set up a small network that guests can connect to. The idea is that they can get to the Internet, but that is it. They can't get to internal resources on the 192.168.10.x network.
Here is the config:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password EeCsulrpu.9LalEE encrypted
[Code].....
Feb 27, 2013
I have not been able to figure out the resolution. The basic premise is to have 3 inside vlan networks controlled by a 1900 series router. Then have that primary LAN router connect to the inside of my ASA5505 Basic, then go out to my ISP Gateway. I have tried hundreds of different static route configurations on my router and asa. I have tried equally as many NAT and PAT configurations, but nothing seems to work. I have even tried using all the commands (specific to my topography of course) on this weblink from cisco: url...