ASA5505 settings

Answered Question
Sep 17th, 2007

Hi,

I'm trying to set up an ASA5505. At the moment I'm trying to have a DSL connection with a static IP till I get my leased cct. However, the internet IP range the ISP has given me is not in the same subnet as the DSL IP. I tried switching the DSL router into bridge mode, but then it shuts the internet connection down altogether.

I'm running out of options for how to set up the outgoing port of the ASA5505 to the internet via DSL. Can someone put me in the right direction, please?

Thanks in advance.

Anuradha.

jim.sellers Mon, 09/17/2007 - 12:23

What mode are you using the firewall in... transparent or routed mode?

dlwanuradha Mon, 09/17/2007 - 12:35

When I put the firewall into Transparent mode (Zyxel DSL router) it doesn't talk to the internet at all. So I really don't have an option other than going with the routed option.

jim.sellers Mon, 09/17/2007 - 12:37

Well, if you hook the management port up to the routable DSL network you can manage it in transparent mode.

Hope this helps.

dlwanuradha Mon, 09/17/2007 - 12:47

Sorry, I didn't get you there. DSL router is having only a single IP. So its Ethernet ports are on a private IP range.

My problem is how would I terminate my VPNs if I use private IPs between the ASA and the DSL ethernet.

Thanks a lot for your input.

Correct Answer
jim.sellers Tue, 09/18/2007 - 10:02

What are the capabilities of the DSL termination point? If the DSL device has the ability to NAT RFC1918's/private IP's then you can have one private subnet behind firewall and one in front... DSL--->crossover>---outside firewall IP's 192.169.1.0/24 --- Inside firewall IP's 192.168.2.0/24. IPsec/VPN establishment through the firewall shouldn't be an issue depending on the ACL's/rule sets you have built. This depends on the type of DSL connection/DSL equipment.

dlwanuradha Tue, 09/18/2007 - 10:23

Thanks Jim,

It's just a Zyxel DSL router which does basic NAT and firewall. I will try your recommendation. Once again, thanks a lot.

Anuradha.

jim.sellers Tue, 09/18/2007 - 10:47

No problem :) Please let me know if you run into any snags. I am not too familiar with the Zyxel DSL router.

-Jim

Arthur Kant Sun, 10/07/2007 - 01:35

Can you terminate L2L in the scenario you describe above? I have always thought that you needed to utilize a static "public" address for this. For the question listed by the poster I would suggest setting your DSL router to transparent mode and then doing the PPPoE authentication on the ASA so the ASA has a static address on it.

However, I am interested in discussing the pros and cons of this method vs leaving it nat'ed.

dlwanuradha Sun, 10/07/2007 - 12:48

Hi,

I changed my job before finalising this issue. At the new place I hardly deal with FW stuff. It's mainly routing and switching.

Thanks for your comments.

Anuradha.

jim.sellers Mon, 10/08/2007 - 11:09

That's no problem... I was just wondering how you were doing with the ASA.