cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
808
Views
0
Helpful
10
Replies

ASA5505 settings

dlwanuradha
Level 1
Level 1

Hi,

I'm trying to setup an ASA5505. At the moment I'm trying to have a DSL connection with an static IP till I get my leased cct. However the internet IP range the ISP has given me is not in the same subnet as the DSL IP. I tried switching setting the DSL router in to bridge mode, but then it shuts the internet connection all to gether.

I'm running out of options of how to set up the outgoin port of the ASA5005 to internet via DSL. Can someone put me in the right direction please.

Thanks in advance.

Anuradha.

1 Accepted Solution

Accepted Solutions

What are the capabilities of the DSL terminiation point ? If the DSL device has the ability to NAT RFC1918's/private IP's then you can have one private subnet behind firewall and one in front... DSL--->crossover>---outside firewall IP's 192.169.1.0/24 --- Inside firewall IP's 192.168.2.0/24. IPsec/vpn establishment through the firewall shouldnt be an issue depending on the ACL's/rule sets you have built. This depends on the type of DSL connection/DSL equipment.

View solution in original post

10 Replies 10

jim.sellers
Level 1
Level 1

What mode are you using the firewall in ...transparent or routed mode ?

When I put the firewall in to Transparent mode (Zyxel DSL router) it doesn't talk to internet at all. So I really don't have a option other than going with routed option.

Well if you hook the management port up to the routable DLS network you can manage it in transparent mode.

hope this helps

Sorry I didn't get you there. DSL router is having only a single IP. So it's ethernet ports are on privet IP range.

My problem is how would I terminate my VPNs if I use private IPs between the ASA and the DSL ethernet.

Thanks a lot for your input.

What are the capabilities of the DSL terminiation point ? If the DSL device has the ability to NAT RFC1918's/private IP's then you can have one private subnet behind firewall and one in front... DSL--->crossover>---outside firewall IP's 192.169.1.0/24 --- Inside firewall IP's 192.168.2.0/24. IPsec/vpn establishment through the firewall shouldnt be an issue depending on the ACL's/rule sets you have built. This depends on the type of DSL connection/DSL equipment.

Thanks Jim,

It's just a Zyxel DSL router which does basic NAT and firwall. I will try your recomandation. Once again thanks a lot.

Anuradha.

No problem :) please let me know if you run into any snags I am not to familiar with the Zyxel DSL router

-Jim

Can you terminate L2L in the scenario you describe above? I have always that you needed to utilize a static "public" addresses for this. For the question listed by the poster I would suggest setting your DSL router to transparent mode and then do the PPPoE authentication on the ASA so the ASA has a static address on it.

However I am interested in discussing the pros and cons of this method vs leaving it nat'ed.

Hi,

I changed my job before finalising this issue. At new place I hardly deal with FW stuff. It's mainly routing and switching.

Thanks for your comments.

Anuradha.

Thats no problem ... I was just wondering how you were doing with the asa.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: