Solved: Connecting an ASA 5510 to an internal VLAN router for NAT

gdawsont2systems · ‎08-14-2008

I am attempting to connect an ASA 5510 to my internal router (2811) which routes between VLANS. I want to be able to NAT to all the VLANs that the internal router handles. Currently, I have a trunk port connected from the SWITCH to the 2811. In order to use NAT I want to be able to connect my 2811 to my ASA 5510. I am assuming to make this work, I have to setup a trunk between my internal interface on my ASA and the external interface of my internal router. Because the trunk port on the ASA would not have an internal address what would the IP address be of the gateway of last resort on my internal router (the 2811) to ensure that users within the VLANS can get to the internet through my ASA? Also, how can I be certain that NAT works with my ASA, so I can assign NAT rules to the different VLANS / subinterfaces that are on my ASA?

Thanks!

Grant

Marwan ALshawi · ‎08-14-2008

first if u have the router do the vlan routing then u gonna connect the router interface with the asa u dont need any trunk only normal interface with IP address on each side

and what u need to

on the router u need to make defaul route

lets say the router interface connected to the fire wall

is 192.168.1.1

and the asa 192.168.1.2

do

ip route 0.0.0.0 0.0.0.0 192.168.1.2

on the asa

do

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

and u need static route for internal vlans

lets say vlan 1 u ahv 10.1.1.0/24

and vlan 2 20.1.1.0/24

on asa:

route inside 10.1.1.0 255.255.255.0 192.168.1.1

route inside 20.1.1.0 255.255.255.0 192.168.1.1

and default route for internet

route outside 0.0.0.0 0.0.0.0.0 [next hop to the inrenet]

good luck

please if helpful rate

View solution in original post

Marwan ALshawi · ‎08-14-2008