Best place to NAT?

Unanswered Question
Feb 27th, 2008

HI. Ill be doing an install of a T1 to a 2811, then to a ASA5505. Usually Ive done 5505's behind dsl or cable and let the 5505 NAT. But Im assuming Ill be getting a /30 address from the circuit provider, giving me 1 address. This is probably a simple question, but it seems like the 2811 will NAT, the inside interface will be private, then the ASA will provide DHCP for the LAN.

Im just not sure how to config the ASA with all interfaces being private. if someone has a sample config that would be great! Thank you.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Danilo Dy Sat, 03/01/2008 - 19:44


/30 usually is between ISP router and your edge L3 device (firewall or router), ISP should provide you another subnet to be use in your network i.e. /29 or depends on how many you request.

However, if ISP is ony assigning you a single subnet /30 which is use between their router and your edge L3 device, it's either you didn't request for additional subnet or this is the only available subnet for the service you requested (or a lousy ISP :) )

Configuring NAT with only /30 in your edge router.

- Between your router and ASA is /30 (i.e.

- Inside your ASA is /24 (i.e.

- From your router, route to ASA

- No NAT needed in ASA

- NAT should be done in the router in which is the inside ip address




This Discussion