Monday, September 23, 2013

Cisco ASA 8.3/8.4: Adding A New Remote Site For Internet Access Through Your Main Site Firewall

Have you ever needed to add a new remote site to your network and add it to your ASA with 8.3 or higher code?  I mean, you already have the ASA setup and doing what you want it to do.  You just need to add the new site for Internet access.  Here is what you do.

The ASA needs to know about the new remote site.  192.168.7.0/24 is the new network.
object network obj-192.168.7.0
 subnet 192.168.7.0 255.255.255.0

You have to have a route pointing back to the internal core switch (10.10.1.1) to get to the new remote site.
route inside 192.168.7.0 255.255.255.0 10.10.1.1 

This was already in the config and no change needed, since it encompasses all internal networks.
object network obj_any
 nat (inside,outside) dynamic interface

Or, you could say this for the NAT translation:
object network obj-192.168.7.0
nat (inside,outside) dynamic interface
Posted by

No comments:

Post a Comment

Your comment will be reviewed for approval. Thank you for submitting your comments.

Subscribe to: Post Comments (Atom)