Thursday, February 1, 2018

Cisco ASA 5506-X in a datacenter: having trouble configuring VLANs & subnetting

Ok, let's get this out of the way: yes, I'm 100% underqualified for this. Yes, my boss should hire someone else to do it, but sadly he can't, because money is a bit tight at the firm and they cannot afford someone else to do it. I'm the sole IT guy of the firm (Linux admin) and that's why this has landed on my table.

So we got a Cisco ASA 5506-X for our rack. We have been assigned one IPv4 /28 by our ISP and one IPv6 /48.

The primary scope is: "Have the ASA act as a firewall to protect internal servers, and separate internal servers and external services on different VLANs. The external servers should be assigned their own external IP from the /28."

IPv6 is a plus but not strictly needed.

Everything is configured using the ASDM graphical interface.

From now on let's use the following faked subnet as an example: 211.51.112.140/28

I have done the following:

  • set the ASA IP to 211.51.112.142 with a subnet mask of 255.255.255.240
  • set up the internal interface with 192.168.1.0 as an IP, with DHCP ranging from 192.168.1.5 - 192.168.1.128; subnet mask is 255.255.255.0
  • set up the external_servers interface with 192.168.2.0 as an IP, with DHCP ranging from 192.168.2.5 - 192.168.2.128; subnet mask is 255.255.255.0
  • set up a static route from any4 to the gateway 211.51.112.141

Now I want to assign 211.51.112.143 to a server hosting a test website on port 80/tcp. The way I tried to do that was going to Configuration > Firewall > Public Server > Add:

  • Private interface: external_servers
  • Private IP address: 192.168.2.5
  • Private service: tcp/http
  • Public interface: outside
  • Public IP address: 211.51.112.143

Am I doing this right? How can I prevent the servers on 192.168.2.* from accessing 192.168.1.*? Any best practices I need to think about?

Also a bonus question: how would I do this with IPv6? Is it the same way as with IPv4? As you can see I'm not really good with subnetting etc.

Any help would be appreciated. I'm certainly interested in best practices so i can learn it the right way from the start.
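As an added illustration (not part of the original post, and not a verified configuration from the poster's ASA), the ASA CLI equivalent of the steps listed above, including the isolation between the two internal segments the post asks about. The interface numbering, the nameif names, the security levels and the .1 gateway addresses on the inside and external_servers interfaces are assumptions; the public addresses and the 192.168.2.5 web server are the post's own.

```cisco
! --- Interfaces (port assignments and .1 addresses are assumed) ---
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 211.51.112.142 255.255.255.240
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/3
 nameif external_servers
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
! --- Default route to the ISP gateway ---
route outside 0.0.0.0 0.0.0.0 211.51.112.141 1
!
! --- Public server: static NAT for 192.168.2.5, exposed on 211.51.112.143, port 80 only ---
object network web-srv
 host 192.168.2.5
 nat (external_servers,outside) static 211.51.112.143 service tcp 80 80
!
! --- Allow only HTTP from the Internet to the web server (everything else inbound is denied) ---
access-list outside_in extended permit tcp any object web-srv eq 80
access-group outside_in in interface outside
!
! --- Block the external_servers segment from reaching the internal LAN, allow it out to the Internet ---
access-list dmz_in extended deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list dmz_in extended permit ip 192.168.2.0 255.255.255.0 any
access-group dmz_in in interface external_servers
```

The Public Server dialog in ASDM produces the same two pieces as the object NAT and the outside access rule above. The security levels alone already stop traffic from external_servers (50) to inside (100), since the ASA only permits higher-to-lower by default; the explicit dmz_in access list makes that intent visible and keeps it in place even if someone later adds a permit rule to that interface. Note that applying an access list to an interface adds an implicit deny at the end, which is why the final permit line is needed for the servers' outbound traffic. For IPv6 the same structure applies without NAT: give each interface a /64 from the /48, and control exposure purely with access rules on the outside interface.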
