I want to put a Cisco ASA 5506-x as the main firewall and router on the office network. As for the gateway router, we have the one that Comcast has provided, and they say we cannot take that off and the static IP address can't be removed from the gateway.
Sitting behind this gateway we have a Sonicwall with a true static public IP address, mandatory from a company that provides a database software for our selling team that is a different network. Comcast router is in pass-through mode in order to let the traffic go directly to the Sonicwall. We have two different networks one from Comcast router and the other one is Sonicwall. Both networks can't communicate with each other.
My question is: is it possible to put that Cisco ASA behind the Comcast gateway and have the Sonicwall connect to the ASA and be able to route the traffic to the internet, but also be able to route the traffic between the two networks so they can communicate?
Or can I connect both switches to the ASA and create two gateways, one for 10.1.10.0 and one for 192.168.1.0, so the traffic of 192.168.1.0 goes to the SonicWall router and 10.1.10.0 goes to the Comcast router, plus configure the ASA to route traffic on both networks so they can communicate with each other?
If yes, please give some info on how to do it. Or might putting that ASA on my network be obsolete?
Any help is appreciated. Thank you in advance.
"Technical support from Comcast suggested that I need to buy another public IP address."
Connect Cisco ASA 5506-x with two gateways
@klenti-toska said in Connect Cisco ASA 5506-x with two gateways:
Sitting behind this gateway we have a Sonicwall with a true static public IP address, mandatory from a company that provides a database software for our selling team that is a different network. Comcast router is in pass-through mode in order to let the traffic go directly to the Sonicwall. We have two different networks one from Comcast router and the other one is Sonicwall.
The gateway (modem etc.) being in passthrough mode is why your 10.1.10.0 and 192.168.1.0 cannot route between them. If the SonicWall has multiple interfaces you can probably plug a wireless router into it. Then configure the SonicWall to route between them without involving a Cisco 5506x. That's probably the least administrative effort and a fairly effective solution.
I would look into that before making it more complex, especially because of the database software for the selling team. If that database has many special rules configured on the SonicWall, adding an additional firewall would at the minimum require you to reconfigure a new firewall with those equivalent rules.
You could probably do what you want, but you will probably need to transfer the public IP on your SonicWall to the ASA. You may need to set up firewall rules to allow for traffic to the database software to be routed to the SonicWall. Also additional rules to allow for routing to occur between your two LANs. But you cannot do this if your modem is what is providing the wireless. I would connect your 10.1.10.0 switch to the ASA and then a wireless access point to either the ASA or a port on the switch and the SonicWall to another port on the ASA.
Then reconfigure the original firewall with another IP interface between it and the ASA. Reconfigure those rules to account for the new ASA.
Cordially,
Ronnie Wong
Edutainer Manager, ITProTV
*If the post above has answered the question, please mark as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied service, support, or guarantee by ITProTV.