Carpua (ISP)
17 Jul 12 3:37
Hi all,

I have 3 routers (1800 series, 1900 series and 3800) from the outside. I wanted to know if I can plug them directly into the firewall e0/0, e0/2, e0/3, considering the ports on the firewall are configured with the ip on the same subnet.
Carpua (ISP)
17 Jul 12 3:41
The architecture I'm talking about is Router======firewall=======internal network
VinceWhirlwind (TechnicalUser)
17 Jul 12 21:23
To make it easier to understand, add a switch to your layout:

You have three routers.
Each router has one interface in subnet 10.1.1.0/24: ROUTER1: 10.1.1.10, ROUTER2: 10.1.1.20, ROUTER3: 10.1.1.30
These interfaces are all patched into ports in VLAN 10 in a 2950.
The 2950 has a port in VLAN 10 patched into the firewall with IP address 10.1.1.1/24.
The firewall has routes, e.g.:
192.168.16.0/24 --> 10.1.1.10
192.168.17.0/24 --> 10.1.1.20
192.168.18.0/24 --> 10.1.1.30

Does that make more sense?
Carpua (ISP)
18 Jul 12 7:42
Hi Vince,

The routers' interfaces are on different subnets, for example 196.40.172.1/30, 10.50.100.1/30, 10.59.8.1/30, and they are all looking for the .2 address as the next hop. Please bear in mind that these routers are operational and are third-party, so changing the interface IP is not an option. At the moment these routers are in operation.
VinceWhirlwind (TechnicalUser)
18 Jul 12 18:06
I seem to have misunderstood what you meant by "... the ports on the firewall are configured with the ip on the same subnet."

You mean you have three different routers, each with an interface in a different subnet, patching into the ASA?

If that's the case, what's the question?
Carpua (ISP)
18 Jul 12 18:17
I wanna know if it's safe to patch them directly into the firewall. At the moment they are connecting directly to the internal network and we wanna put a firewall in between.
VinceWhirlwind (TechnicalUser)
18 Jul 12 19:13
No. You need a design before you start just "plugging things in". Sit down and draw up a logical layer3 representation of how it's going to work.

The ASA represents a new Layer-3 hop between the routers and the internal hosts. This means you will need to remove the existing addresses from the routers and put those addresses on the "inside" interfaces of the ASA, and create 3 new point-to-point subnets linking the routers to the ASA "Outside" interfaces.
Carpua (ISP)
24 Jul 12 4:00
Hi Vince,

Thanks very much for your help. I really appreciate it, everything is working fine. My Skype name is tefo3456; I could do with network engineer friends.
VinceWhirlwind (TechnicalUser)
25 Jul 12 1:42
If you got it working with nothing more than my very summary advice then you *are* a network engineer in my books!
I've never actually used Skype, but I'll be sure to fire it up to say G'Day to you.
ADB100 (TechnicalUser)
25 Jul 12 9:23
I'd say plugging them directly into the firewall was a waste of precious *physical* firewall ports. Use 802.1q sub-interfaces and a layer-2 switch - unless of course you will be needing the full 100Mbps to/from each router.....

Andy
VinceWhirlwind (TechnicalUser)
25 Jul 12 22:26
I agree with ADB - when you draw up a design for your "gateway", it's good to have a few switches in there for physical connectivity.
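
Added example, not part of any post in this thread: a Python sketch that checks a firewall layer-3 plan like the two layouts discussed above (the switched 10.1.1.0/24 layout and the three /30 links on e0/0, e0/2, e0/3) before anything is patched in. `check_plan`, the interface name `outside` and the data names are hypothetical, and the 192.168.x.0/24 destinations attached to the /30 layout are assumed for illustration.

```python
import ipaddress

def check_plan(fw_interfaces, routes):
    """Return a list of problems in a firewall layer-3 plan (empty = consistent)."""
    problems = []
    ifaces = {n: ipaddress.ip_interface(a) for n, a in fw_interfaces.items()}
    names = list(ifaces)
    # Connected subnets on a routed firewall must not overlap each other.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                problems.append(f"{a} and {b}: connected subnets overlap")
    for dest, hop in routes:
        dest_net = ipaddress.ip_network(dest)
        hop_ip = ipaddress.ip_address(hop)
        # A static route is only usable if its next hop is on-link.
        egress = [n for n in names if hop_ip in ifaces[n].network]
        if not egress:
            problems.append(f"{dest}: next hop {hop} is not on any connected subnet")
            continue
        net = ifaces[egress[0]].network
        if hop_ip == ifaces[egress[0]].ip:
            problems.append(f"{dest}: next hop {hop} is the firewall's own address")
        elif net.prefixlen < 31 and hop_ip in (net.network_address, net.broadcast_address):
            problems.append(f"{dest}: next hop {hop} is not a usable host in {net}")
        if any(dest_net.overlaps(ifaces[n].network) for n in names):
            problems.append(f"{dest}: destination overlaps a connected subnet")
    return problems

# Layout from the thread with a switch: one firewall port in 10.1.1.0/24.
# The interface name "outside" is an assumption.
SWITCHED_IFACES = {"outside": "10.1.1.1/24"}
SWITCHED_ROUTES = [("192.168.16.0/24", "10.1.1.10"),
                   ("192.168.17.0/24", "10.1.1.20"),
                   ("192.168.18.0/24", "10.1.1.30")]

# Layout with three /30 links: routers hold .1, the firewall takes .2.
# The destination prefixes are assumed; the thread does not give them.
P2P_IFACES = {"e0/0": "196.40.172.2/30", "e0/2": "10.50.100.2/30", "e0/3": "10.59.8.2/30"}
P2P_ROUTES = [("192.168.16.0/24", "196.40.172.1"),
              ("192.168.17.0/24", "10.50.100.1"),
              ("192.168.18.0/24", "10.59.8.1")]

if __name__ == "__main__":
    for label, ifs, rts in [("switched", SWITCHED_IFACES, SWITCHED_ROUTES),
                            ("three /30 links", P2P_IFACES, P2P_ROUTES),
                            ("mismatched", SWITCHED_IFACES, P2P_ROUTES)]:
        print(label, check_plan(ifs, rts) or "OK")
```

The "mismatched" case pairs the single-subnet firewall port with next hops on the /30 links, which is the confusion worked through earlier in the thread; every route is reported as having an off-link next hop.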
