Inter-LAN routing

Discussion in 'Cisco' started by mowmentous, Jun 8, 2006.

  1. mowmentous

    mowmentous Guest

    We will soon be moving some servers over to a datacentre, and I am
    trying to figure out how we will route between the two locations. Here
    is a description of what we will need to do:


    Office <->Cisco ASA5520 <-----> Cisco ASA5520<->Datacentre


    Office subnet: 10.10.10.0/24

    Office ASA: 1
    Datacentre ASA: 2

    The line between the 2 ASAs is a 'private' fibre connection.

    ASA1 LAN IP is 10.10.10.1
    ASA1 fibre IP is 10.10.20.1
    ASA2 fibre IP is 10.10.20.2
    ASA2 LAN IP is open

    I have three questions:
    1) Can I run the 10.10.10.0/24 subnet in the datacentre? If so, how
    does this compare (efficiency, security, convenience) with choosing a
    different subnet. Choosing a different subnet is not that big a deal
    considering what we're doing, but not having to do so would save us
    from having to change a whole bunch of server ip addresses over.

    2) How do I go about configuring the routing between the two ASA's to
    allow the traffic to flow in both directions unrestricted? Only
    unicast traffic is necessary.

    3) If NAT is necessary, what type of NAT (or PAT) should I be using?

    Thanks in advance.

    -Adrian
    mowmentous, Jun 8, 2006
    #1

  2. mowmentous

    Guest

    mowmentous wrote:
    > We will soon be moving some servers over to a datacentre, and I am
    > trying to figure out how we will route between the two locations. Here
    >
    > Office <->Cisco ASA5520 <-----> Cisco ASA5520<->Datacentre
    > Office subnet: 10.10.10.0/24
    >
    > Office ASA: 1
    > Datacentre ASA: 2
    >
    > The line between the 2 ASAs is a 'private' fibre connection.
    >
    > ASA1 LAN IP is 10.10.10.1
    > ASA1 fibre IP is 10.10.20.1
    > ASA2 fibre IP is 10.10.20.2
    > ASA2 LAN IP is open
    >
    > I have three questions:
    > 1) Can I run the 10.10.10.0/24 subnet in the datacentre? If so, how
    > does this compare (efficiency, security, convenience) with choosing a
    > 3) If NAT is necessary, what type of NAT (or PAT) should I be using?


    Hi,

    I am not familiar with the ASA but I scanned the
    brochure.

    The tidy thing to do is to use a different subnet for the ASA2 LAN.
    There may be workarounds for this but do you want
    to start out a new data centre with workarounds
    in critical areas of the design?

    If you don't want any security maybe you have the wrong platform?

    I frankly would consider a 3750 switch. Then you can change to
    GBE (unless you have that already?) if your bandwidth
    requirement grows.

    The 3750 is a wire-speed IP router as well as an L2 switch.
    , Jun 8, 2006
    #2

  3. mowmentous

    keshav

    Joined:
    Jun 6, 2006
    Messages:
    15
    If all your servers are in the datacenter, you can configure a default route on ASA1 and have a reverse route on ASA2, taking into consideration that the internet gateway is connected from the datacenter through ASA2.

    In this case, for browsing, you need to do a PAT on ASA2, and for accessing the servers from outside, configure static NAT on ASA2.

    Don't do any NATing on ASA1 (make ASA1 work like a router with access-list and routing alone).

    Another option would be to configure static identity NAT on ASA1 to force traffic to flow between different security zones in PIX.
    keshav, Jun 25, 2006
    #3
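
The addressing choice raised in question 1, and the replies' advice to use a different subnet and plain routing, can be traced with a short model of the forwarding decisions. This is an added example, not part of any post in the thread; the datacentre subnet 10.10.30.0/24 and the server addresses are assumptions, while the other addresses come from the first post.

```python
import ipaddress

# Addresses from the thread; DC_LAN_ALT is an assumed replacement subnet.
OFFICE_LAN = ipaddress.ip_network("10.10.10.0/24")
DC_LAN_ALT = ipaddress.ip_network("10.10.30.0/24")  # assumption, not from the thread
ASA1_LAN_IP = ipaddress.ip_address("10.10.10.1")
ASA2_FIBRE_IP = ipaddress.ip_address("10.10.20.2")


def host_next_hop(host_net, gateway, dst):
    """What a host does with a packet: ARP on-link, or hand it to its gateway."""
    dst = ipaddress.ip_address(dst)
    if dst in host_net:
        return ("on-link", dst)  # host ARPs for dst itself; the gateway never sees it
    return ("gateway", gateway)


def lookup(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def office_to_dc(dc_net, server):
    """Trace an office host's packet to a datacentre server for a given DC subnet."""
    asa1_routes = [(OFFICE_LAN, "connected")]
    if not dc_net.overlaps(OFFICE_LAN):
        # A distinct prefix gets a static route towards ASA2 over the fibre link.
        # With an overlapping prefix, a static route would lose to the connected
        # route on ASA1's LAN interface, so none is added.
        asa1_routes.append((dc_net, ASA2_FIBRE_IP))
    decision, hop = host_next_hop(OFFICE_LAN, ASA1_LAN_IP, server)
    if decision == "on-link":
        return "host ARPs locally for %s; packet never reaches ASA1" % hop
    return "host -> ASA1 %s -> next hop %s" % (hop, lookup(asa1_routes, server))


if __name__ == "__main__":
    print("same subnet:     ", office_to_dc(OFFICE_LAN, "10.10.10.50"))
    print("different subnet:", office_to_dc(DC_LAN_ALT, "10.10.30.50"))
```

With the same /24 on both sides, the office host treats the datacentre server as a local neighbour, so nothing is ever handed to ASA1 to route or filter; with a distinct subnet, every packet crosses both ASAs, where access lists can be applied.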