Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
226
Views
0
Helpful
1
Replies

Best place to NAT?

mx
Level 1
Level 1

‎02-27-2008 05:57 AM - edited ‎03-03-2019 08:53 PM

HI. Ill be doing an install of a T1 to a 2811, then to a ASA5505. Usually Ive done 5505's behind dsl or cable and let the 5505 NAT. But Im assuming Ill be getting a /30 address from the circuit provider, giving me 1 address. This is probably a simple question, but it seems like the 2811 will NAT, the inside interface will be private, then the ASA will provide DHCP for the LAN.

Im just not sure how to config the ASA with all interfaces being private. if someone has a sample config that would be great! Thank you.

Labels:
0 Helpful
1 Reply 1

Danilo Dy
VIP Alumni
VIP Alumni

‎03-01-2008 07:44 PM

Hi,

/30 usually is between ISP router and your edge L3 device (firewall or router), ISP should provide you another subnet to be use in your network i.e. /29 or depends on how many you request.

However, if ISP is ony assigning you a single subnet /30 which is use between their router and your edge L3 device, it's either you didn't request for additional subnet or this is the only available subnet for the service you requested (or a lousy ISP :) )

Configuring NAT with only /30 in your edge router.

- Between your router and ASA is /30 (i.e. 192.168.1.0/30)

- Inside your ASA is /24 (i.e. 192.168.2.0/24)

- From your router, route 192.168.2.0/24 to ASA

- No NAT needed in ASA

- NAT should be done in the router in which 192.168.2.0/24 is the inside ip address

Regards,

Dandy

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card