11-22-2007 02:19 AM - edited 03-05-2019 07:34 PM
We are planning on buying one of Cisco's appliance solutions (the ASA 55xx series) and would like to know if it's possible to bridge our RIPE assigned external IP-range to be used on an internal interface?
Our business demands that we can continue to use the same server IPs as we have today (they are hardcoded in some of our industrial applications) behind the ASA.
If this is possible, do you have any suggestions on where to look to find examples for setting this up (we have searched, but found nothing).
Best regards,
Ann-Marie
Digital Information AB
Sweden
11-28-2007 06:59 AM
You can achieve your goal through NAT. The reason is that the security appliance uses proxy ARP to answer any requests for mapped addresses, and thus intercepts traffic destined for a real address. This solution simplifies routing, because the security appliance does not have to be the gateway for any additional networks.
11-28-2007 07:06 AM
But if I do not wish to use NAT? I would just like to subnet our network into 4 subnets and use each subnet on one of the interfaces. Then I can assign different security levels and traffic policies to each subnet, without having to use NAT. Or?
Best regards,
Ann-Marie
11-29-2007 04:02 AM
Yes, but no, and what do you really want to do with it? The answer to this question commands what you can do with the firewall.
I.e., do you want to be able to terminate VPN?
If yes, then forget about Stealth mode, which is used for bridging and so on.
But yes, of course you can pass the firewall without using NAT (or rather NATing the addresses to themselves). However, I would recommend against using it that way.
You actually lose great functionality. And you will lose a little bit more than 1/4th of your outside network.
IMHO it's better to change the license key IP to an RFC 1918 address.
Regards
Torbjörn
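An added example, not part of any post in this thread: a planning check for the routed, no-NAT layout discussed above, which splits a public block into four subnets and reports whether each hardcoded server address can stay where it is. The block, the server addresses, the choice of the first subnet as the outside segment and the firewall taking the first host address of each subnet are all assumptions made for illustration.

```python
import ipaddress

def plan_routed_split(block, servers, outside_index=0):
    """Split `block` into four equal subnets, one per firewall interface.

    Assumptions (constructed for this example, not from the thread): the
    subnet at `outside_index` is the transit segment towards the ISP, and
    the firewall takes the first host address of every other subnet.
    Returns (placement, lost): where each server IP lands, and how many
    addresses of the block can no longer hold a firewalled server.
    """
    net = ipaddress.ip_network(block)
    subnets = list(net.subnets(prefixlen_diff=2))  # four equal parts
    reserved, lost = {}, 0
    for i, sn in enumerate(subnets):
        if i == outside_index:
            lost += sn.num_addresses  # whole transit subnet sits outside
            continue
        reserved[sn.network_address] = "network address"
        reserved[sn.broadcast_address] = "broadcast address"
        reserved[sn.network_address + 1] = "firewall interface address"
        lost += 3
    placement = {}
    for s in servers:
        ip = ipaddress.ip_address(s)
        if ip not in net:
            placement[s] = "conflict: not in the assigned block"
        elif ip in subnets[outside_index]:
            placement[s] = "conflict: falls in the outside subnet"
        elif ip in reserved:
            placement[s] = "conflict: " + reserved[ip]
        else:
            placement[s] = str(next(sn for sn in subnets if ip in sn))
    return placement, lost

# Constructed sample: a documentation range standing in for the RIPE block,
# and four hardcoded server addresses that must not change.
BLOCK = "198.51.100.0/24"
SERVERS = ["198.51.100.10", "198.51.100.70", "198.51.100.128", "198.51.100.200"]

if __name__ == "__main__":
    placement, lost = plan_routed_split(BLOCK, SERVERS)
    for ip, where in placement.items():
        print(f"{ip:16} {where}")
    total = ipaddress.ip_network(BLOCK).num_addresses
    print(f"{lost} of {total} addresses unavailable ({lost / total:.1%})")
```

Under these assumptions a /24 gives up 73 of its 256 addresses, and any server whose fixed address lands in the outside subnet or on a reserved address would have to be renumbered or handled with NAT instead.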