
I have a Cisco ASA5510 with 9.1 and ASDM7. I need help

Customer Question

I have a Cisco ASA5510 with 9.1 and ASDM7. I need help for one issue: After upgrade the Cisco would not boot with the current running config, even after copying it to startup config and wr. So I need to resolve this issue first. After that I would need help below.
1. ISP router will go to ASA5501 on Port0.
2. Port2 of ASA goes to Home Network (Vlan1)
3. Home network uses DHCP from ASA.
4. Port 3 onwards goes to Office network. (Vlan2)
5. Office network; DHCP uses Ms Active Directory server and not ASA.
6. Trust relationship; Home Network should talk to Office. But no one can come from Office to Home network. So if a user is inside Home he can access Office network but if a user is inside office they cannot access home network.
7. Access Rules; configure a rule on Firewall that certain Mac address and Public Ips can directly connect to Office Network, rest is all blocked.
8. Anyconnect; Configure two anyconnect. one for home and one for office.
8. Any other recommendations to make firewall security stronger.
Submitted: 1 year ago.
Category: Networking
Customer: replied 1 year ago.
I am ok for extra money. Thanks
Customer: replied 1 year ago.
OK, I was able to fix the first issue of boot, but I still need help on configurations:
1. ISP router will go to ASA5501 on Port0.
2. Port2 of ASA goes to Home Network (Vlan1)
3. Home network uses DHCP from ASA.
4. Port 3 onwards goes to Office network. (Vlan2)
5. Office network; DHCP uses Ms Active Directory server and not ASA.
6. Trust relationship; Home Network should talk to Office. But no one can come from Office to Home network. So if a user is inside Home he can access Office network but if a user is inside office they cannot access home network.
7. Access Rules; configure a rule on Firewall that certain Mac address and Public Ips can directly connect to Office Network, rest is all blocked.
8. Anyconnect; Configure two anyconnect. one for home and one for office.
8. Any other recommendations to make firewall security stronger.
Expert:  Michael Hannigan replied 1 year ago.

Hello, my name is Michael. I can help you with your question, but we need to focus on one question. Please let me know which question you want to work on and I'll be happy to help.

The first thing I would do, though, to make this a little bit more simple, is to use static addresses where you can, at least during the setup.

Mike

Customer: replied 1 year ago.
Mike, suggest when you are going to be online.
We can go one question at a time.
So we will start with: Trust relationship; Home Network should talk to Office. But no one can come from Office to Home network. So if a user is inside Home he can access Office network but if a user is inside office they cannot access home network.
But you would need to suggest me a time so I can be online and try the commands on my Cisco. Thanks
PT
Expert:  Michael Hannigan replied 1 year ago.

That would be a typical scenario. Accessing outside the domain to a home system would be extremely uncommon. What are you trying to access from the domain?

Customer: replied 1 year ago.
Here is the scenario:
This setup is at my home, where I have set up a company. So here is what I want to do.
On port 2 of my ASA5510 router I have set up the office network and on port 3 I have set up the home network.
Only the home network is on wifi. On the office network I have my servers.
So when I am on my wifi I want to access the office network. But on the other hand, if any user is on my office network I do not want them to access my home network, as that is my personal network. Currently I simply connect using anyconnect to access my office network. I just want to avoid connecting VPN, since I am a room away. Please suggest; if this is too crazy then I can live with VPN. All my other issues are now resolved. Thanks
PT
Expert:  Drew replied 1 year ago.

Hi. My name is ***** ***** I can help you with part of your questions. I'm not familiar with the VPN part but can help with the port security.

It seems to me the simplest way to set up the security you want is setting proper security levels on your interfaces. Are you familiar with how security levels work on the ASA? The gist of it is that traffic flows freely from higher security levels to lower but NOT vice versa. Security levels can be set from 0 to 100. So for example, you'd set your home network interface (port 3) to 100, your office interface (port 2) to 50, and your Internet connection (port 0) to 0. What this will do is allow your home access to both office and Internet, your office to Internet (because 50 is greater than 0) but NOT office to home (because 50 is less than 100), and nothing inbound from Internet (because 0 is less than both 50 and 100).

Make sense? Please let me know if you have any questions and how it goes.

Cheers,

Drew
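
The security-level layout described in the answer above, written out as ASA 9.1 configuration with a way to verify it. This is an added example, not part of the original thread: the interface names (`outside`, `office`, `home`), the mapping of ports 0/2/3 to `Ethernet0/0`, `Ethernet0/2` and `Ethernet0/3`, the object names and all addresses are assumptions constructed for illustration.

```cisco
! --- Configuration mode. Addresses and names are constructed placeholders. ---
interface Ethernet0/0
 description ISP uplink (port 0), least trusted
 nameif outside
 security-level 0
 ip address dhcp setroute
 no shutdown
!
interface Ethernet0/2
 description Office LAN (port 2)
 nameif office
 security-level 50
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
interface Ethernet0/3
 description Home LAN (port 3), most trusted
 nameif home
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! Dynamic PAT so both private networks can reach the Internet.
object network HOME-NET
 subnet 192.168.1.0 255.255.255.0
 nat (home,outside) dynamic interface
object network OFFICE-NET
 subnet 192.168.2.0 255.255.255.0
 nat (office,outside) dynamic interface
!
! TCP/UDP replies return through the stateful connection table.
! ICMP replies are only matched to a request when ICMP is inspected.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! --- Exec mode: confirm the levels and simulate one packet in each direction. ---
show nameif
! home (100) -> office (50): expect "Action: allow"
packet-tracer input home tcp 192.168.1.10 50000 192.168.2.10 445
! office (50) -> home (100): expect "Action: drop" (implicit rule)
packet-tracer input office tcp 192.168.2.10 50000 192.168.1.10 445
```

`packet-tracer` only simulates the packet, so both directions can be checked without generating real traffic on either network.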

Expert:  Drew replied 1 year ago.

I'm curious if you were able to try my suggestions and if it helped get things going? Please let me know.

Cheers,

Drew

Customer: replied 1 year ago.
Thanks Drew, but the answer you provided would not help. You are right that traffic flows between 0 and 100.
But in this case that would not help, as I would need to create an access list. Currently I configured VPN between these ports and it's working fine.
Expert:  Drew replied 1 year ago.

Thanks for the update. Yes, the second you add an access list, security levels are null and void on that interface. But just to be clear, when using security levels, traffic flows unrestricted from higher to lower.

I'm glad VPN is working for you. I need to learn how to set that up for myself. ;)

Cheers,

Drew
