My question is: do I really need a router, as I am getting the link on an Ethernet interface? I am planning to terminate the link on the ASA Ethernet interface directly and PAT it there. So I am sure my 122.x.x.114/30 is to be PATted and traffic is to be routed to the remote gateway at the ISP end, i.e. 122.x.x.113.
I also want to use 5 servers on the public network. So I have to use 5 of the IP addresses out of the pool for static NAT with my DMZ network. What if the mask and subnet range are different from my PATted IP?
Here I want to understand whether this will work without a router in front of my ASA, or whether the ASA will serve the purpose. What is the command to provide a DNS IP on the ASA (equivalent to ip name-server 220.127.116.11 on routers)?
By default the Cisco ASA is configured as a routed firewall, and you should be able to put in the IP address of your ISP provider and label it as outside. As for the command, sorry, I'm not familiar with the commands, only the GUI: Configuration -> DNS -> DNS Client -> add the DNS, and below, under DNS lookup, enable the interface for DNS lookup.
Thanks for your reply. I'm still not clear about the routing stuff. The ISP has to sync with my end, and obviously they are doing that with two IPs, one at my end and the other at their end, having a /30 mask. That's what they call the WAN IP. So I will need to route traffic through something like 0.0.0.0 0.0.0.0 122.x.x.113.
Now what about the pool of 16 IP addresses with a /28 mask which I got? How and where do I use these? NAT or PAT to which IP address, i.e. the /28 or the /30 address on the ASA, to my internal RFC1918 addresses?
In ASA or PIX there could be security levels,
say outside (0) for outside,
inside (100) for inside.
The confusion is that the link is a /30 on outside, and 192.168.0.0/24 is on internal. Obviously the link will come in on outside, and I should PAT with that outside interface using the global command.
How can I use the rest of my pool of IPs? Say, statically NATting in the DMZ with 172.16.20.0/16 with any of the IPs. Will DMZ users be able to go to the internet or not?
Keeping in mind that the outside interface has a /30 mask?
Thanks, Suresh, for the info. Does this run OK like this? I never did it before, as I used to get the link terminated on a router and then used any of the IPs out of the pool to PAT on the firewall. Well, it seems like PATting on a router (with overload), and here with the global command on the ASA.
I am extremely thankful to you for this. Well, what is the best way to configure the ASA: through ASDM or the command line?