Connecting an ASA 5510 to an internal VLAN router for NAT

Aug 14th, 2008

I am attempting to connect an ASA 5510 to my internal router (2811), which routes between VLANs. I want to be able to NAT to all the VLANs that the internal router handles. Currently, I have a trunk port connected from the switch to the 2811. In order to use NAT, I want to be able to connect my 2811 to my ASA 5510. I am assuming that to make this work, I have to set up a trunk between the internal interface on my ASA and the external interface of my internal router. Because the trunk port on the ASA would not have an internal address, what would the IP address of the gateway of last resort be on my internal router (the 2811) to ensure that users within the VLANs can get to the internet through my ASA? Also, how can I be certain that NAT works with my ASA, so I can assign NAT rules to the different VLANs / subinterfaces that are on my ASA?


Thanks!


Grant

Overall Rating: 5 (1 ratings)
Correct Answer
Marwan ALshawi Thu, 08/14/2008 - 16:03

First, if you have the router do the VLAN routing, then you are going to connect the router interface with the ASA. You don't need any trunk, only a normal interface with an IP address on each side.

And what you need to do: on the router you need to make a default route.

Let's say the router interface connected to the firewall is 192.168.1.1 and the ASA is 192.168.1.2. Do:

ip route 0.0.0.0 0.0.0.0 192.168.1.2

On the ASA, do:

nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

And you need static routes for the internal VLANs.

Let's say for VLAN 1 you have 10.1.1.0/24 and for VLAN 2 20.1.1.0/24.

On the ASA:

route inside 10.1.1.0 255.255.255.0 192.168.1.1
route inside 20.1.1.0 255.255.255.0 192.168.1.1

And a default route for the internet:

route outside 0.0.0.0 0.0.0.0 [next hop to the internet]

Good luck.

Please rate if helpful.
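Added example (not part of the answer above and not Cisco tooling): a Python check that runs over the ASA lines from the accepted answer and reports what would break outbound NAT or the return path, namely a malformed `route` line, a VLAN with no `inside` route via the router, a missing default route on `outside`, or a `nat` ID with no matching `global`. The outside next hop 203.0.113.1 and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the ASA lines from the answer, with 203.0.113.1 as a
# placeholder outside next hop (documentation range, an assumption).
ASA_CONFIG = """\
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
route inside 10.1.1.0 255.255.255.0 192.168.1.1
route inside 20.1.1.0 255.255.255.0 192.168.1.1
route outside 0.0.0.0 0.0.0.0 203.0.113.1
"""

def parse_routes(config):
    """Return (routes, errors); each route is (interface, network, next_hop)."""
    routes, errors = [], []
    for line in config.splitlines():
        parts = line.split()
        if not parts or parts[0] != "route":
            continue
        try:
            _, ifname, net, mask, hop = parts[:5]
            routes.append((ifname, ipaddress.ip_network(f"{net}/{mask}"),
                           ipaddress.ip_address(hop)))
        except ValueError as exc:  # missing field, bad mask or bad address
            errors.append(f"bad route line {line!r}: {exc}")
    return routes, errors

def unmatched_nat_ids(config):
    """NAT IDs on 'nat' lines (except 0, no translation) with no 'global'."""
    ids = {"nat": set(), "global": set()}
    for parts in map(str.split, config.splitlines()):
        if len(parts) >= 3 and parts[0] in ids:
            ids[parts[0]].add(parts[2])
    return ids["nat"] - ids["global"] - {"0"}

def check(config, vlans, router_ip):
    """List problems that would break outbound NAT or the return path."""
    routes, problems = parse_routes(config)
    router = ipaddress.ip_address(router_ip)
    for vlan in map(ipaddress.ip_network, vlans):
        # Return traffic needs an inside route to each VLAN via the router.
        if not any(i == "inside" and vlan.subnet_of(n) and h == router
                   for i, n, h in routes):
            problems.append(f"no inside route to {vlan} via {router}")
    if not any(i == "outside" and n.prefixlen == 0 for i, n, h in routes):
        problems.append("no default route on outside")
    problems += [f"nat id {i} has no global" for i in sorted(unmatched_nat_ids(config))]
    return problems
```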

gdawsont2systems Thu, 08/14/2008 - 16:09

That's exactly what I found in my separate research. Thanks for the reply, I will definitely rate!
