Firewall Questions (ASA)

the_Grinch Posts: 4,141 Member
We're setting up a single ASA and I want to make sure my logic is correct:

Network Design:

Modem ---> Switch ---> Firewall (I know not ideal, but we're getting a dedicated connection thus it will be modem ---> firewall ---> switch)

Basically I am looking to use the Firewall for the VPN to connect to several remote sites (via site-to-site VPN) to a server we have at a central location.

1. I have set up an interface as outside and assigned it a public IP address, should my default route on the ASA be this IP address?
2. I have an inside interface assigned an IP address scoped within the addresses the modem provides (a 10.x.x.x network) for the internal network. Is this correct to allow the remote sites to communicate with the internal servers at HQ? Provided I have an ACL to allow it.

Might have some follow-up questions after this. Thanks as always!!
WIP:
Assembly
Data Structures
Javascript
Work stuff

Comments

  • RouteMyPacket Posts: 1,104 Member
    To be honest, this sounds like a residential configuration. What kind of Router is this again? How can you assign an "outside" interface on your ASA while the modem is assigned that IP and is the gateway?

    The basic design would be something like this, just threw this together for you as a reference, this is a basic network and typically how it would be configured.


    [Image: 2dbm88k.jpg]
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • the_Grinch Posts: 4,141 Member
    We have a business line and were provided a number of static public addresses to be used. The "router" is really just a modem from the provider that is fed into a switch that we have. I'm basically looking to set up the firewall for use as a VPN to access one server within the network. All communications would be blocked other than those on the port we have opened. Thanks for the map, it definitely helped!!