Link on ASA directly

Unanswered Question

Hi,

I got my internet link on ethernet.I need to terminate the this to my ASA 5510.

Question:

Will i be able to go to internet??

Do i need to define name -server (i.e the DNS by isp) to my firewall?for router it used to be like this ip name-server 202.x.x.x.Is it the same in ASA?


If i am having only one public ip that too on my outside interface then how should I PAT?

Can somebody provide me Access-list scenarios in this case as well.I am doing ASA for first time.know access-list in router.As far as firewall is concerned I worked on checkpoint and fortigate GUI.How to customize the services.What does fixup do?????


Thanks in advance...


Reg,

Sushil





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

What do you mean Internet on Ethernet?


Do you mean that you will have a public IP address available that can be used to configure the outside interface of the ASA.


If yes, then you have nothing to worry about.


Set the inside interface to the Private IP address of your LAN and use PAT for traffic


global (outside) 1 interface

nat (inside) 1 192.x.x.x 255.255.255.0 (private LAN subnet)


You can use static Rules and access lists to re-direct incoming traffic like SMTP or OWA to specific servers


static (inside,outside) tcp interface https host 192.x.x.x https

static (inside,outside) tcp interface smtp host 192.x.x.x smtp


Access List and Group commands as required. Note that the masks work differently as those on routers.


The fixup commands were used on the old PIX models. The ASA uses inspection policies and are already setup for most common traffic scenarios.


The ASA also has a GUI interface ASDM which makes it much easier to configure the ASA.


A link to a helpful document is below:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml


Good Luck

Bosco

srue Fri, 04/18/2008 - 06:37

sounds like his ISP is handing off an standard ethernet connection (perhaps a 10mbps?)...

you should be able to plug that in directly...

if their connection is coming from a switch, you can use a standard straight through cable, if it's coming from a router, you will probably need a x-over cable.

Actions

This Discussion