Firewall Questions (ASA)

the_Grinch Member Posts: 4,165
We're setting up a single ASA and I want to make sure my logic is correct:

Network Design:

Modem ---> Switch ---> Firewall (I know not ideal, but we're getting a dedicated connection thus it will be modem ---> firewall ---> switch)

Basically, I am looking to use the firewall for the VPN to connect several remote sites (via site-to-site VPN) to a server we have at a central location.

1. I have set up an interface as outside and assigned it a public IP address. Should my default route on the ASA be this IP address?
2. I have an inside interface assigned an IP address scoped within the addresses the modem provides (a 10.x.x.x network) for the internal network. Is this correct to allow the remote sites to communicate with the internal servers at HQ? Provided I have an ACL to allow it.

Might have some follow-up questions after this. Thanks as always!!
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • RouteMyPacket Member Posts: 1,104
    To be honest, this sounds like a residential configuration. What kind of router is this again? How can you assign an "outside" interface on your ASA while the modem is assigned that IP and is the gateway?

    The basic design would be something like this. I just threw this together for you as a reference; this is a basic network and typically how it would be configured.


    [Attached image: 2dbm88k.jpg]

    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the middle of the night because of a network problem and had to figure out the traffic flows in your network while you were half asleep, could you do it?
  • the_Grinch Member Posts: 4,165
    We have a business line and were provided a number of static public addresses to be used. The "router" is really just a modem from the provider that is fed into a switch that we have. I'm basically looking to set up the firewall for use as a VPN to access one server within the network. All communications would be blocked other than those on the port we have opened. Thanks for the map, it definitely helped!!