Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA with Pubilc IP's on both sides

HI All,

I have a ASA which i would like to put between my router and server but im stuggling to fine a sample config,

The router fully supports all our public ip's directly through and the individual servers which have the public address manually configured, I want to place the asa between the two point and just setup access list to allow specific traffic. Does any one have any ideas on how i can achieve this.

Thanks.....Aaron

5 REPLIES

Re: ASA with Pubilc IP's on both sides

Hi,

If the ASA is going to have public IPs on the outside and inside, then you can avoid NAT on the ASA.

All you need to take into account is that outbound traffic is permitted by default and inbound traffic must be explicitly permitted by an ACL.

I assume that the ASA is going to act as a Firewall so configure the appropiate Firewall rules as well.

Federico.

New Member

Re: ASA with Pubilc IP's on both sides

would this use two public ip through, i do remember in the past i have used ip unnumbered but the asa doesent seem to support this,

Re: ASA with Pubilc IP's on both sides

The ASA does not support unnumbered interfaces or loopbacks, what I'm saying is that you can have public range of IPs on both outside and inside.

In that case, NAT is not necessary on ASA.

Federico.

New Member

Re: ASA with Pubilc IP's on both sides

just a quick idea - maybe ASA transparent mode is an option for your setup.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

Cheers Michael

Re: ASA with Pubilc IP's on both sides

I agree with Michael's suggestion.

Just remember the limitations associated with having the ASA in transparent mode (no VPN support, no dynamic routing protocols, etc).

Federico.

704
Views
0
Helpful
5
Replies