We have a new ASA 5510. We are not sure of the basic configurations. We want to use the ASA as a firewall and VPN. For the VPN, we are going to set up group policies for the VPN client. There is no router between the ASA and the internal networks. Here is the basic configuration. Do you see anything wrong? Is there anything else that we need to set up in terms of routing?
1. The outside IP address is 22.214.171.124, network mask 255.255.255.248, gateway 126.96.36.199. Is this what we would enter on the Outside interface?
ip address 188.8.131.52 255.255.255.0
2. We want to NAT each private IP address to each public IP address. The public IP addresses are from 184.108.40.206 - 220.127.116.11, subnet mask 255.255.255.192. Are these the correct NAT statements?
static (Inside,Outside) 18.104.22.168 192.168.100.1 netmask 255.255.255.255
static (Inside,Outside) 22.214.171.124 192.168.100.2 netmask 255.255.255.255
static (Inside,Outside) 126.96.36.199 192.168.100.3 netmask 255.255.255.255
static (Inside,Outside) 188.8.131.52 192.168.100.4 netmask 255.255.255.255
static (Inside,Outside) 184.108.40.206 192.168.100.5 netmask 255.255.255.255
3. This is the Route Outside statement. Does it look correct? The IP address 220.127.116.11 is the default gateway of 18.104.22.168, which is the outside interface of the ASA.
route Outside 0.0.0.0 0.0.0.0 22.214.171.124 1
4. Since the outside interface of the ASA and the public IP addresses are on different networks, do we need another route statement?
Everything is correct with these exceptions:
1. Change the mask
no ip add
ip address 126.96.36.199 255.255.255.248
2. Since the public IPs are on a different subnet than the outside IP of the ASA, you need to make sure the ISP knows how to send to the ASA the traffic intended for those IPs.
Hope to help.
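A check for the two points in the answer above, as an added example that is not part of the original thread: it parses pre-8.3 ASA lines and flags an interface mask that differs from the ISP-assigned one, a default gateway that is not on-link, and static NAT addresses the ISP has to route to the ASA. The `lint` function, its `isp_mask` parameter and the sample addresses (documentation ranges) are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample in the pre-8.3 ASA syntax used in the thread; the
# addresses are documentation ranges, not the poster's.
SAMPLE = """\
interface Ethernet0/0
 nameif Outside
 ip address 203.0.113.2 255.255.255.0
route Outside 0.0.0.0 0.0.0.0 203.0.113.1 1
static (Inside,Outside) 198.51.100.65 192.168.100.1 netmask 255.255.255.255
static (Inside,Outside) 198.51.100.66 192.168.100.2 netmask 255.255.255.255
"""

def lint(config, isp_mask, outside="Outside"):
    """Return findings for the outside interface, default route and static NATs."""
    findings, iface, nameif = [], None, None
    gateways, publics = [], []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["interface"]:
            nameif = None                      # new interface block starts
        elif tok[:1] == ["nameif"]:
            nameif = tok[1]
        elif tok[:2] == ["ip", "address"] and nameif == outside:
            iface = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}")
        elif tok[:2] == ["route", outside]:
            gateways.append(ipaddress.ip_address(tok[4]))
        elif tok[:1] == ["static"] and tok[1].endswith(f",{outside})"):
            publics.append(ipaddress.ip_address(tok[2]))   # mapped (public) IP
    if iface is None:
        return ["no ip address found on the outside interface"]
    # Subnet the ISP actually assigned, derived from the interface IP.
    assigned = ipaddress.ip_interface(f"{iface.ip}/{isp_mask}").network
    if iface.network != assigned:
        findings.append(f"mask: interface is {iface.network}, ISP assigned {assigned}")
    for gw in gateways:
        if gw not in assigned:
            findings.append(f"gateway {gw} is not on-link in {assigned}")
    for pub in publics:
        if pub not in assigned:
            findings.append(
                f"static {pub} is outside {assigned}: ISP must route it to {iface.ip}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE, "255.255.255.248"):
        print(finding)
```
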