0

Two companies in the same building have merged.
Company 1 has a Novell OES network that uses a 10.10.10.xx network, with internet provided through an ASA 5512x firewall (which also provides some DHCP to the 10.10 network).

Company 2 has a Windows 2003 domain network using a 192.168.x.x network, with internet provided through an ASA 5505 firewall (and the Windows 2003 server providing DHCP and DNS).

I need to know what would be needed for the clients (Windows 7, XP, and a few Linux) to be able to see resources on both networks.

We have the combined resources of two "IT packrats", so we can probably come up with almost any hardware needed to do this, and we have recently picked up a few Extreme Networks L3 switches, so if VLANs can help work this out, great! But we know next to nothing about configuring VLANs.

Willing to spend the time learning whatever I need to, but would like some direction as to where to start.

HBruijn

3 Answers

2

Hook an Ethernet cable up between the two ASAs. Assign a /30 subnet for a link between the two routers, for example 10.11.0.0/30 with one endpoint being 10.11.0.1 and the other being 10.11.0.2. If the routers are too far apart, use a VLAN to act as your link network.

Add the appropriate routes to the two ASAs, for example 10.10.0.0/24 via 10.11.0.1 and 192.168.0.0/24 via 10.11.0.2. (I can't be more specific since I don't have the details.)

Set up the appropriate firewall policies to permit traffic.

Done. :-) Each network will end up using their pre-existing connection to the internet.

Per von Zweigbergk
  • With both companies in the same building, it's not clear it's desirable for both networks to use pre-existing internet connections. It seems like dropping one of the connections and routing both networks through the connection that remains would be some easy cost savings. – Joel Coel Sep 28 '15 at 17:14
  • @JoelCoel That would probably be the next step, but it's outside the scope of the question. It's also not clear that it would be easy to do that either, depending on how complex the config of the ASA is. Once you have the two networks playing together, you would have a clear path to accomplish that, though. – Per von Zweigbergk Sep 28 '15 at 17:27
  • Handling this at the ASA level sounds "easiest", but would we need to activate more "interfaces" on each ASA? Both of them currently only have the basic license and they both have an interface used for a remote site connection, but I'm not an ASA programmer (haven't touched mine in a year), so I'm not sure exactly what would be needed to add the connection. - Yes, eventually we would like to have everyone use the one internet connection, but - baby steps - – Dennis Newman Sep 30 '15 at 19:57
  • Hi, Dennis, I'd love to tell you, but I don't know the license model or the specifics regarding Cisco ASA. I'd suggest that you raise this as a separate question with the specific design you want to accomplish. – Per von Zweigbergk Oct 01 '15 at 13:18
0

Depending on the size of the building, the number of IP addresses in use and the organizational structure, I would recommend considering an IP address scheme merge. If that is not possible, then you need a router with two interfaces, one in each network. Then you have to configure each network host with a default gateway IP address, which would be that gateway's IP address in the network the configured host belongs to. Alternatively, you can in the same manner set up a static route which points to the IP address of this gateway, respectively.

drookie
-3

On each ASA, set a route to the other (so on the 5512 add a route to 192.168.x.x with the next hop being the 5505, and on the 5505 set up the reverse route). If the 2 ASAs are physically distant, set up a VPN route between them.

In each LAN, make sure the local ASA is the default gateway. Connect both ASA devices.

That should be it.

A couple of guides from Cisco:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/route_static.html

http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/ip.html

Dani_l
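
The link-and-static-route plan described in the first and third answers can be sanity-checked before anything is typed into a firewall. The following is an added example, not code from any of the posters: the router names `asa-a`/`asa-b`, the /24 masks and the `192.168.1.0/24` LAN are assumptions made for illustration, since the question does not give them.

```python
import ipaddress as ipa

def check_plan(link, routers):
    """Return a list of problems in a two-router link plan (empty list = consistent)."""
    problems = []
    link = ipa.ip_network(link)
    usable = set(link.hosts())  # the two endpoint addresses of a /30
    parsed = {
        name: {
            "lan": ipa.ip_network(r["lan"]),
            "link_ip": ipa.ip_address(r["link_ip"]),
            "routes": {ipa.ip_network(n): ipa.ip_address(h)
                       for n, h in r["routes"].items()},
        }
        for name, r in routers.items()
    }
    (a_name, a), (b_name, b) = parsed.items()
    if a["lan"].overlaps(b["lan"]):
        problems.append("LANs overlap: renumber one side before routing between them")
    if a["link_ip"] == b["link_ip"]:
        problems.append("both routers use the same link address")
    for name, r in parsed.items():
        if r["link_ip"] not in usable:
            problems.append(f"{name}: {r['link_ip']} is not a usable address in {link}")
        if r["lan"].overlaps(link):
            problems.append(f"{name}: LAN {r['lan']} overlaps the link subnet {link}")
    # Each side needs a route that really contains the peer LAN and whose
    # next hop is the peer's end of the link; otherwise return traffic is lost.
    for name, r, peer in ((a_name, a, b), (b_name, b, a)):
        covering = [n for n in r["routes"] if peer["lan"].subnet_of(n)]
        if not covering:
            problems.append(f"{name}: no static route covers {peer['lan']}")
        for n in covering:
            if r["routes"][n] != peer["link_ip"]:
                problems.append(f"{name}: route {n} points at {r['routes'][n]}, "
                                f"not the peer {peer['link_ip']}")
    return problems

# Constructed sample plans (all addresses are illustrative assumptions).
GOOD = {
    "asa-a": {"lan": "10.10.10.0/24", "link_ip": "10.11.0.1",
              "routes": {"192.168.1.0/24": "10.11.0.2"}},
    "asa-b": {"lan": "192.168.1.0/24", "link_ip": "10.11.0.2",
              "routes": {"10.10.10.0/24": "10.11.0.1"}},
}
BAD = {  # asa-a points at its own address; asa-b's prefix misses 10.10.10.0/24
    "asa-a": {"lan": "10.10.10.0/24", "link_ip": "10.11.0.1",
              "routes": {"192.168.1.0/24": "10.11.0.1"}},
    "asa-b": {"lan": "192.168.1.0/24", "link_ip": "10.11.0.2",
              "routes": {"10.10.0.0/24": "10.11.0.1"}},
}
```

A clean result only says the addressing and routes agree; the firewall policy between the two LANs still has to be written and reviewed separately.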