Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5505 Connected To Linksys Router

Hello, I have a cable modem internet connection and my cable modem is connected to an ASA 5505.  The inside interface of the ASA has an IP address of 192.168.2.2 and is connected to a Linksys router's internet port which has an IP address of 192.168.2.1.  The Linksys router then has a local area network of 192.168.1.0 and all my clients are on that network.  Everything is working fine except in my ASA logs all the traffic shows up as the router's external address which is 192.168.2.1.  I would like to see the 192.168.1.x address of the clients in the ASA firewall.  I've tried making some changes to the Linksys router but that hasn't resolved it.  Is there any changes I can make on the ASA to get this to work?   Below is some of the config:

ASA Version 8.2(5)

!

hostname djchristasa

enable password k7X9tTHKoCUET/3Z encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.2.2 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

ASA Version 8.2(5)

!

hostname djchristasa

enable password k7X9tTHKoCUET/3Z encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.2.2 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

I didn't post ACL's and some other things.  Please let me know if you need more.

Thanks,

Dave

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

ASA 5505 Connected To Linksys Router

Dave

The Linksys doing NAT is the reason why the ASA sees all the traffic as having source address as 192.168.2.1. The only way for the ASA to see the original 192.168.1.x address is to change the Linksys to not do NAT.

One thing that I notice is that there is not a route statement in what you posted for the 192.168.1.0 network. It is not clear whether the route does exist and you did not post it or whether the route does not exist. But if it does not exist it would certainly be a reason why you lose Internet connectivity when you change the Linksys to not perform NAT. (the ASA would have no knowledge of how to forward to the network and would drop all the traffic). Try adding the route to the ASA and changing the Linksys to not perform NAT and let us know if it works.

HTH

Rick

6 REPLIES
Purple

ASA 5505 Connected To Linksys Router

Hi,

if your Linksys is doing NAT that is normal. Is there a way to disble NAT on such routers, I don't know but you should ask in the small business section and maybe they will tell you how to do it if it's possible.

Regards.

Alain.

Don't forget to rate helpful posts.
Community Member

ASA 5505 Connected To Linksys Router

The Linksys is doing NAT.  When I disable the NAT on the Linksys router I lose my internet connection.

Hall of Fame Super Gold

ASA 5505 Connected To Linksys Router

Dave

The Linksys doing NAT is the reason why the ASA sees all the traffic as having source address as 192.168.2.1. The only way for the ASA to see the original 192.168.1.x address is to change the Linksys to not do NAT.

One thing that I notice is that there is not a route statement in what you posted for the 192.168.1.0 network. It is not clear whether the route does exist and you did not post it or whether the route does not exist. But if it does not exist it would certainly be a reason why you lose Internet connectivity when you change the Linksys to not perform NAT. (the ASA would have no knowledge of how to forward to the network and would drop all the traffic). Try adding the route to the ASA and changing the Linksys to not perform NAT and let us know if it works.

HTH

Rick

Community Member

ASA 5505 Connected To Linksys Router

Hi Dave,

In linksys router there is a option where we can select the router mode. By default gateway is the mode. make it as router. and configure default route to ASA's inside IP address. Also put a route in ASA to route to LAN network. you can configure as below.

route inside 192.168.1.0 255.255.255.0 192.168.2.1

I hope this will work.

Thanks

Vipin

Thanks and Regards, Vipin
Community Member

ASA 5505 Connected To Linksys Router

I had my route in ASA going to 192.168.1.1 instead of 2.1.  I then turned off NAT on router and everything works correctly.  Thanks for help.

Hall of Fame Super Gold

ASA 5505 Connected To Linksys Router

Dave

Thanks for posting back to the forum to indicate that you have solved the problem. I am glad that my suggestion pointed you toward the solution. Thank you for using the rating system to indicate that the question was answered (and thanks for the points). It makes the forum more useful when people can read about an issue and can know that a solution will be in the thread. Your marking has contributed to this process.

HTH

Rick

2997
Views
0
Helpful
6
Replies
CreatePlease to create content