Setup ASA 5505

Unanswered Question
Nov 4th, 2008
User Badges:

Hi All,


I relatively new to ASA5505 devices, but I try to understand the following: My ISP provides me with 4 static IP's in a so call routed subnet, so no NAT is available. I don't understand how to setup a internet connection for the inside network. Let me explain. My ADSL modem provides four utp connections all responsible for one external IP address. To connect to the internet I setup an Linksys device (RV042) connected to one port of my ADSL modem. To set it up I must configure a static WAN IP, a subnet and a (external and in the same range) gateway. Works fine!


I would like to setup Remote Access by VPN, using VPN client software, but I don''t understand how to configure my ASA5505 to connect the internal network (behind the ASA) with the external (internet). Do I have to use the RV042 linksys between, or can I connect my ASA directly to my ADSL modem? Is it possible to use my ASA when only routed subnet is available?


Using the Cisco ASDM utility I see it's possible to setup port '0' as an Outside port, connecting to an external network (internet), and it is possible to set it up for an static IP, but to connect it properly to my ADSL modem it needs an gateway IP aswell...what isn't possible... So I'm stuck in the mud now.... Any help is welcome!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
netwalkr1 Tue, 11/04/2008 - 16:56
User Badges:

Hi Sir! I'll do my best to steer you in the right direction.


1) Yes, you can achieve your requirements with a single routed subnet from your service provider.


2) Start here>

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094768.shtml


http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/usrguide.html


http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdmproc.html



HTH and Good luck!


Shaun

Tim Roelands Wed, 11/05/2008 - 11:24
User Badges:

So, if understood correctly, I don't need the Linksys to setup a proper connection? The first URL looks promising, but I can't understand the setup. I never used my ASA in CLI mode.


Looks like they setup an external WAN IP on the outside port '0'. (image shows an x.266, I guess that's a mistake I should be x.226)..bit strange..My WAN IP is x.x.x.83 / 255.255.255.248. Any help?



netwalkr1 Wed, 11/05/2008 - 15:52
User Badges:

Yes, it helps a bit.


Your outside interface will be x.x.x.8x with a subnetmask of 255.255.255.248. This interface will have a security level of 0 (untrusted). The inside interface will be your LAN subnet possibly your default gateway for the inside hosts. Example: 10.1.1.1 255.255.255.0. This inside interface should have a security level of 100(trusted). I'm sorry but, I don't use the ASDM so I will do my best to provide links with that information. Your outside interface will NAT all inside traffic to the outside interface IP address and you will need a default route to the service provider. Here is an example config (CLI).


interface Ethernet0/0

nameif Outside

security-level 0

ip address x.x.x.84 255.255.255.248

!

interface Ethernet0/1

nameif Inside

security-level 100

ip address 10.1.1.1 255.255.255.0

!

global (outside) 10 interface

nat (inside) 10 0.0.0.0 0.0.0.0


route outside 0.0.0.0 0.0.0.0 x.x.x.83


ASDM Help:

http://www.netcraftsmen.net/welcher/papers/asdm01.html


Tim Roelands Wed, 11/05/2008 - 22:37
User Badges:

Thanks again netwalkr1. So the Linksys is out, the ASA is connected directly to my ADSL routed subnet modem? I'll let you know when I succeed... ;)

Actions

This Discussion