09-17-2007 12:52 AM - edited 02-21-2020 01:41 AM
Hi,
I'm trying to setup an ASA5505. At the moment I'm trying to have a DSL connection with an static IP till I get my leased cct. However the internet IP range the ISP has given me is not in the same subnet as the DSL IP. I tried switching setting the DSL router in to bridge mode, but then it shuts the internet connection all to gether.
I'm running out of options of how to set up the outgoin port of the ASA5005 to internet via DSL. Can someone put me in the right direction please.
Thanks in advance.
Anuradha.
Solved! Go to Solution.
09-18-2007 10:02 AM
What are the capabilities of the DSL terminiation point ? If the DSL device has the ability to NAT RFC1918's/private IP's then you can have one private subnet behind firewall and one in front... DSL--->crossover>---outside firewall IP's 192.169.1.0/24 --- Inside firewall IP's 192.168.2.0/24. IPsec/vpn establishment through the firewall shouldnt be an issue depending on the ACL's/rule sets you have built. This depends on the type of DSL connection/DSL equipment.
09-17-2007 12:23 PM
What mode are you using the firewall in ...transparent or routed mode ?
09-17-2007 12:35 PM
When I put the firewall in to Transparent mode (Zyxel DSL router) it doesn't talk to internet at all. So I really don't have a option other than going with routed option.
09-17-2007 12:37 PM
Well if you hook the management port up to the routable DLS network you can manage it in transparent mode.
hope this helps
09-17-2007 12:47 PM
Sorry I didn't get you there. DSL router is having only a single IP. So it's ethernet ports are on privet IP range.
My problem is how would I terminate my VPNs if I use private IPs between the ASA and the DSL ethernet.
Thanks a lot for your input.
09-18-2007 10:02 AM
What are the capabilities of the DSL terminiation point ? If the DSL device has the ability to NAT RFC1918's/private IP's then you can have one private subnet behind firewall and one in front... DSL--->crossover>---outside firewall IP's 192.169.1.0/24 --- Inside firewall IP's 192.168.2.0/24. IPsec/vpn establishment through the firewall shouldnt be an issue depending on the ACL's/rule sets you have built. This depends on the type of DSL connection/DSL equipment.
09-18-2007 10:23 AM
Thanks Jim,
It's just a Zyxel DSL router which does basic NAT and firwall. I will try your recomandation. Once again thanks a lot.
Anuradha.
09-18-2007 10:47 AM
No problem :) please let me know if you run into any snags I am not to familiar with the Zyxel DSL router
-Jim
10-07-2007 01:35 AM
Can you terminate L2L in the scenario you describe above? I have always that you needed to utilize a static "public" addresses for this. For the question listed by the poster I would suggest setting your DSL router to transparent mode and then do the PPPoE authentication on the ASA so the ASA has a static address on it.
However I am interested in discussing the pros and cons of this method vs leaving it nat'ed.
10-07-2007 12:48 PM
Hi,
I changed my job before finalising this issue. At new place I hardly deal with FW stuff. It's mainly routing and switching.
Thanks for your comments.
Anuradha.
10-08-2007 11:09 AM
Thats no problem ... I was just wondering how you were doing with the asa.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide