Subnetting allows you to create multiple logical networks that exist within a single Class A/B/C network.
You are tasked with setting up a network from the 172.29.0.0/16 address block, which leaves 16 bits to work with for subnetting. The requirements:
- 15 states
- 6 data centers in each state
- 50 servers per data center
Keep in mind we need point-to-point connections from HQ to the 15 regions, and from each region to its data centers. That means we need at least 2 x 15 = 30 WAN IPs in the first subnet division.
[Table: # of hosts per mask (3rd octet)]
So we borrow 3 bits from the 255.255.0.0 mask, giving a /19 mask with networks at increments of 32 in the third octet.
I’m not showing all the states, but each state network sits at an increment of 32. Let’s take a look at the Colorado network, 172.29.96.0/19. It has 6 data centers, so the point-to-point links alone need a subnet with at least (2×6) 12 hosts. That is covered anyway, since we need a minimum of 50 hosts per subnet. The mask also depends on the customer’s growth intent (more subnets versus more IPs per subnet): if 50 clients are enough per data center but they may add data centers later, we should make sure we can accommodate the clients first. We’ll need to borrow 2 bits from the 4th octet (64 hosts), so our mask will be /26.
[Table: # of hosts per mask]
The six data center networks:
Each data center has a router that needs to be linked to the Colorado router. The point-to-point connections total to (5 x 2) 10 IPs. We can start that block from 172.29.97.128/26.
You can use this calculator to check:
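As an added example (not the calculator linked above, and not the original author’s code), here is a Python script that reproduces this plan with the standard ipaddress module: it carves the /16 into /19 state networks, carves Colorado’s /19 into /26 data center LANs plus the point-to-point block at 172.29.97.128/26, and checks usable host counts against the requirements. It also counts how many /19 networks the /16 yields, so you can compare that against the number of regions. The constants are taken from the page; the function names are my own.

```python
import ipaddress

# Values taken from the page's scenario: 172.29.0.0/16, /19 per state,
# /26 per data center, six data centers per state, 50 servers in each.
HQ_BLOCK = ipaddress.ip_network("172.29.0.0/16")
STATE_PREFIX = 19      # /16 plus 3 borrowed bits: third octet steps by 32
DC_PREFIX = 26         # 64 addresses per subnet, 62 usable hosts
DATA_CENTERS = 6
SERVERS_PER_DC = 50


def usable_hosts(net):
    """Usable host addresses: total minus the network and broadcast addresses."""
    return net.num_addresses - 2


def state_networks():
    """All /19 networks carved from the /16 (172.29.0.0, .32.0, .64.0, ...)."""
    return list(HQ_BLOCK.subnets(new_prefix=STATE_PREFIX))


def state_network(index):
    """The index-th /19 state network; Colorado is index 3 (172.29.96.0/19)."""
    return state_networks()[index]


def data_center_plan(state_net):
    """Carve one state's /19 into /26s: the first six are the data center LANs,
    the seventh carries the point-to-point links from the state router to each
    data center router (the 172.29.97.128/26 block in the text)."""
    subnets = list(state_net.subnets(new_prefix=DC_PREFIX))
    return subnets[:DATA_CENTERS], subnets[DATA_CENTERS]


def plan_is_sufficient(state_net):
    """True if every data center LAN holds the servers and the point-to-point
    block holds two addresses per data center link."""
    dcs, p2p = data_center_plan(state_net)
    lan_ok = all(usable_hosts(n) >= SERVERS_PER_DC for n in dcs)
    p2p_ok = usable_hosts(p2p) >= 2 * DATA_CENTERS
    return lan_ok and p2p_ok


if __name__ == "__main__":
    print(f"{len(state_networks())} /{STATE_PREFIX} state networks fit in {HQ_BLOCK}")
    colorado = state_network(3)
    dcs, p2p = data_center_plan(colorado)
    for i, net in enumerate(dcs, 1):
        print(f"Data center {i}: {net} ({usable_hosts(net)} usable hosts)")
    print(f"Point-to-point block: {p2p} ({usable_hosts(p2p)} usable hosts)")
    print("Capacity check passed:", plan_is_sufficient(colorado))
```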
If you’re getting an “HTTP: processing GET URL ‘/admin/public/index.html’ from host” error in the browser, these are the steps to check.
- First run: show flash
- You should see the ASDM image there.
- If you don’t, you’ll need to use TFTP and grab the image from another ASA, or from Cisco if you have a service contract. Make sure it works with the compatibility matrix: http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html
- Go into enable mode: en
- Configure terminal: config t
- Make sure the current configuration makes sense: show run http (this is the access list of hosts allowed to reach the HTTP server)
- Enable the server: http server enable
- Designate the ASDM image file: asdm image [location of asdm image file]
- Write to memory: wr m
- If that doesn’t work, the following might help: ssl encryption aes256-sha1 aes128-sha1 3des-sha1
To reset the ASA to its factory default configuration:
- Go into enable mode: en
- Configure terminal: config t
- Set to factory default: config factory-default
- Hit the space bar at each of the “more” prompts.
- Now write to memory: wr
- Confirm with: show start
If you see the error:
ERROR: command can only be executed in single router mode
- Erase the startup config: wr erase
- Then reload (don’t save the current config): reload
To back up and restore the configuration, all you have to do is enter privilege mode and enter: more system:running-config
Copy and paste the output into a text file (it contains the credentials in the configuration, so protect that file accordingly). To restore it, run: configure terminal
You can paste the saved configuration at the prompt here. Once done, enter: write memory
This Adaptive Security Appliance device is designed for SOHO and remote branches. It works out of the box with Ethernet 0/0 as the Outside interface to the Internet (addressed by DHCP from the ISP) and Ethernet 0/1 to 0/7 as Inside interfaces on the default 192.168.1.1/24 network, with client addresses handed out by DHCP. The ASDM interface can be accessed from the 192.168.1.0 network.
8-port, 10/100 switch
- Last two ports are PoE, which can be used by IP Phones or other PoE devices.
- These are Layer 2 ports only. You cannot configure a Layer 3 IP address on each physical interface; you must use the “interface VLAN” command.
- Your license determines how many active VLANs you can have. By default, Ethernet 0/0 is in its own (Outside) VLAN and all other switch ports are in VLAN1.
- Ethernet 0/0 is the Outside interface (Internet) and the rest are trusted Inside interfaces (Ethernet 0/1 to Ethernet 0/7).
- The Base license allows you to configure 3 VLANs (Inside, Outside, DMZ). The Security Plus license allows 20 VLANs, trunk ports and no communication restrictions between VLANs. It also supports Active/Standby (non-stateful) firewall failover redundancy and backup ISP connectivity (Dual ISP).
Attach the console cable to the serial port on your computer. If your computer doesn’t have a serial port, you’ll need a compatible USB-to-serial converter.
My setup is done in Ubuntu 12.04 LTS Desktop. It has been tested on 11.04. You’ll need to get the minicom application:
- apt-get install minicom
- Once done enter: minicom -s
- Go to “Serial port setup”
- Hit “E” to set baud to 9600 8N1 (option “C”)
- Hit “F” to change Hardware Flow Control to “No”
- Hit “A” to change Serial Device to “/dev/ttyS0”
- Go back to the main menu and hit “Save setup as dfl”
- Then select “Exit minicom”
- Now you should be back at the shell prompt. Type “minicom” and you should be inside the ASA CLI.